RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-21 13:16:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
150bfa84e3
haproxy/include/proto
History
William Lallemand 150bfa84e3 MEDIUM: ssl/cli: 'set ssl cert' updates a certificate from the CLI 
$ echo -e "set ssl cert certificate.pem <<\n$(cat certificate2.pem)\n" | \
    socat stdio /var/run/haproxy.stat
    Certificate updated!

The operation is locked at the ckch level with a HA_SPINLOCK_T which
prevents the ckch architecture (ckch_store, ckch_inst..) to be modified
at the same time. So you can't do a certificate update at the same time
from multiple CLI connections.

SNI trees are also locked with a HA_RWLOCK_T so reading operations are
locked only during a certificate update.

Bundles are supported but you need to update each file (.rsa|ecdsa|.dsa)
independently. If a file is used in the configuration as a bundle AND
as a unique certificate, both will be updated.

Bundles, directories and crt-list are supported, however filters in
crt-list are currently unsupported.

The code tries to allocate every SNIs and certificate instances first,
so it can rollback the operation if that was unsuccessful.

If you have too much instances of the certificate (at least 20000 in my
tests on my laptop), the function can take too much time and be killed
by the watchdog. This will be fixed later. Also with too much
certificates it's possible that socat exits before the end of the
generation without displaying a message, consider changing the socat
timeout in this case (-t2 for example).

The size of the certificate is currently limited by the maximum size of
a payload, that must fit in a buffer.
2019-10-11 17:32:03 +02:00
..
acl.h MINOR: acl: Pass the ACLs as an explicit parameter of build_acl_cond 2017-10-31 11:36:12 +01:00
action.h MINOR: action: new '(http-request|tcp-request content) do-resolve' action 2019-04-23 11:41:52 +02:00
activity.h MINOR: time: move the cpu, mono, and idle time to thread_info 2019-05-20 21:14:14 +02:00
applet.h MINOR: applet: make appctx use their own pool 2019-07-18 10:45:08 +02:00
arg.h MINOR: sample: Moves ARGS underlying type from 32 to 64 bits. 2016-03-15 22:11:52 +01:00
auth.h MEDIUM: pattern: The match function browse itself the list or the tree. 2014-03-17 18:06:07 +01:00
backend.h MAJOR: stream: store the target address into s->target_addr 2019-07-19 13:50:09 +02:00
channel.h BUG/MEDIUM: stream-int: Don't rely on CF_WRITE_PARTIAL to unblock opposite si 2019-07-05 14:26:15 +02:00
checks.h BUILD: threads: Rename SPIN/RWLOCK macros using HA_ prefix 2017-11-07 11:10:24 +01:00
cli.h MINOR: cli: add cli_msg(), cli_err(), cli_dynmsg(), cli_dynerr() 2019-08-09 10:11:38 +02:00
compression.h REORG: filters: Prepare creation of the HTTP compression filter 2016-02-09 14:53:15 +01:00
connection.h MEDIUM: list: Separate "locked" list from regular list. 2019-09-23 18:16:08 +02:00
dict.h MINOR: dict: Add dictionary new data structure. 2019-06-05 08:33:35 +02:00
dns.h MINOR: action: new '(http-request|tcp-request content) do-resolve' action 2019-04-23 11:41:52 +02:00
fcgi-app.h MEDIUM: fcgi-app: Add FCGI application and filter 2019-09-17 10:18:54 +02:00
fd.h BUG/MEDIUM: fd: HUP is an error only when write is active 2019-10-01 11:52:08 +02:00
filters.h MEDIUM: fcgi-app: Add FCGI application and filter 2019-09-17 10:18:54 +02:00
flt_http_comp.h MINOR: compression: Rename the function check_legacy_http_comp_flt() 2018-12-11 17:09:31 +01:00
freq_ctr.h OPTIM: freq-ctr: don't take the date lock for most updates 2019-05-25 20:31:53 +02:00
frontend.h REORG/MAJOR: session: rename the "session" entity to "stream" 2015-04-06 11:23:56 +02:00
h1_htx.h MINOR: h1-htx: Update h1_copy_msg_data() to ease the traces in the mux-h1 2019-10-04 15:46:59 +02:00
hlua_fcn.h MINOR: lua: add utility function for check boolean argument 2016-11-24 21:35:10 +01:00
hlua.h MINOR: lua: export applet and task handlers 2019-08-21 14:32:09 +02:00
http_ana.h CLEANUP: http-ana: Remove the unused function http_send_name_header() 2019-09-27 08:48:53 +02:00
http_fetch.h MEDIUM: http_fetch: Remove code relying on HTTP legacy mode 2019-07-19 09:18:27 +02:00
http_htx.h BUG/MINOR: http_htx: Support empty errorfiles 2019-07-23 14:58:32 +02:00
http_rules.h REORG: http: move HTTP rules parsing to http_rules.c 2018-10-02 18:28:05 +02:00
lb_chash.h MINOR: lb: allow redispatch when using consistent hash 2019-01-02 20:22:17 +01:00
lb_fas.h
lb_fwlc.h
lb_fwrr.h
lb_map.h MEDIUM: threads/lb: Make LB algorithms (lb_*.c) thread-safe 2017-10-31 13:58:31 +01:00
listener.h MEDIUM: ssl/cli: 'set ssl cert' updates a certificate from the CLI 2019-10-11 17:32:03 +02:00
log.h MINOR: log: Provide a function to emit a log for an application 2019-09-17 10:18:54 +02:00
map.h MINOR: samples: rename some struct member from "smp" to "data" 2015-08-20 17:13:46 +02:00
mux_pt.h MEDIUM: connection: start to introduce a mux layer between xprt and data 2017-10-31 18:03:23 +01:00
mworker.h BUG/MINOR: mworker: Fix memory leak of mworker_proc members 2019-05-22 11:29:18 +02:00
obj_type.h CLEANUP: objtype: make obj_type() and obj_type_name() take consts 2019-05-22 11:50:48 +02:00
pattern.h BUG/MEDIUM: map/acl: fix unwanted flags inheritance. 2017-07-04 10:45:53 +02:00
payload.h REORG/MAJOR: session: rename the "session" entity to "stream" 2015-04-06 11:23:56 +02:00
peers.h MINOR: peers: Make peers protocol support new "server_name" data type. 2019-06-05 08:42:33 +02:00
pipe.h
port_range.h BUG/MEDIUM: port_range: Make the ring buffer lock-free. 2019-04-30 15:10:17 +02:00
proto_sockpair.h MEDIUM: protocol: sockpair protocol 2018-09-12 07:20:17 +02:00
proto_tcp.h MEDIUM: proto: Change the prototype of the connect() method. 2019-05-06 22:12:57 +02:00
proto_udp.h CLEANUP: fix inconsistency between fd->iocb, proto->accept and accept() 2016-04-14 11:18:22 +02:00
protocol_buffers.h BUILD: use inttypes.h instead of stdint.h 2019-04-01 07:44:56 +02:00
protocol.h BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff 2019-07-24 16:45:02 +02:00
proxy.h CLEANUP: proxy: Remove proxy_tbl_by_name 2019-09-30 04:11:36 +02:00
queue.h MEDIUM: init: use initcall for all fixed size pool creations 2018-11-26 19:50:32 +01:00
raw_sock.h CLEANUP: connection: unexport raw_sock and ssl_sock 2016-12-22 23:26:38 +01:00
ring.h MINOR: ring: add a generic CLI io_handler to dump a ring buffer 2019-08-27 17:14:19 +02:00
sample.h CLEANUP: Fix typos in the sample subsystem 2018-11-18 22:26:42 +01:00
server.h MEDIUM: servers: Use LIST_DEL_INIT() instead of LIST_DEL(). 2019-09-23 18:16:08 +02:00
session.h BUG/MEDIUM: sessions: Don't keep an extra idle connection in sessions. 2019-07-04 14:28:18 +02:00
shctx.h BUILD: use inttypes.h instead of stdint.h 2019-04-01 07:44:56 +02:00
signal.h MEDIUM: initcall: use initcalls for a few initialization functions 2018-11-26 19:50:32 +01:00
sink.h MINOR: sink: now report the number of dropped events on output 2019-08-27 17:14:19 +02:00
spoe.h BUG/MEDIUM: spoe: Be sure the sample is found before setting its context 2019-05-07 22:16:41 +02:00
ssl_sock.h MINOR: ssl: Make ssl_sock_handshake() static. 2019-06-05 18:03:38 +02:00
stats.h MINOR: stats: prepare to add a description with each stat/info field 2019-10-10 11:30:07 +02:00
stick_table.h MINOR: stick-table: Add "server_name" new data type. 2019-06-05 08:33:35 +02:00
stream_interface.h MINOR: backend: switch to conn_get_{src,dst}() for port and address mapping 2019-07-19 13:50:09 +02:00
stream.h BUG/MEDIUM: streams: Don't redispatch with L7 retries if redispatch isn't set. 2019-07-12 16:17:50 +02:00
task.h MEDIUM: task: Split the tasklet list into two lists. 2019-10-11 16:37:41 +02:00
tcp_rules.h MINOR: action: Use trk_idx instead of tcp/http_trk_idx 2017-10-31 11:36:12 +01:00
template.h
trace.h MINOR: trace: change the detail_level to per-source verbosity 2019-08-29 17:11:25 +02:00
vars.h MINOR: vars: Add 'unset-var' action/converter 2016-11-09 22:57:01 +01:00