RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-03-06 03:18:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
0d6b7a490e
haproxy/include
History
Christopher Faulet 635c0adec2 BUG/MINOR: ssl: Be sure to use unique serial for regenerated certificates 
The serial number for a generated certificate was computed using the requested
servername, without any variable/random part. It is not a problem from the
moment it is not regenerated.

But if the cache is disabled or when the certificate is evicted from the cache,
we may need to regenerate it. It is important to not reuse the same serial
number for the new certificate. Else clients (especially browsers) trigger a
warning because 2 certificates issued by the same CA have the same serial
number.

So now, the serial is a static variable initialized with now_ms (internal date
in milliseconds) and incremented at each new certificate generation.

(Ref MPS-2031)
2016-02-09 09:04:53 +01:00
..
common MEDIUM: pools: add a new flag to avoid rounding pool size up 2016-01-25 02:31:18 +01:00
import MINOR: lru: new function to delete <nb> least recently used keys 2016-01-11 07:31:35 +01:00
proto BUG/MINOR: ssl: Be sure to use unique serial for regenerated certificates 2016-02-09 09:04:53 +01:00
types BUG/MEDIUM: lua: Lua applets must not fetch samples using http_txn 2015-12-20 23:13:00 +01:00