mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-15 16:04:37 +00:00
68574dd492
During a troublehooting it came obvious that the SNI always ought to be logged on httpslog, as it explains errors caused by selection of the default certificate (or failure to do so in case of strict-sni). This expectation was also confirmed on the mailing list. Since the field may be empty it appeared important not to leave an empty string in the current format, so it was decided to place the field before a '/' preceding the SSL version and ciphers, so that in the worst case a missing field leads to a field looking like "/TLSv1.2/AES...", though usually a missing element still results in a "-" in logs. This will change the log format for users who already deployed the 2.5-dev versions (hence the medium level) but no released version was using this format yet so there's no harm for stable deployments. The reg-test was updated to check for "-" there since we don't send SNI in reg-tests. Link: https://www.mail-archive.com/haproxy@formilux.org/msg41410.html Cc: William Lallemand <wlallemand@haproxy.org> |
||
|---|---|---|
| .. | ||
| add_ssl_crt-list.vtc | ||
| ca-auth.crt | ||
| cert1-example.com.pem.ecdsa | ||
| cert1-example.com.pem.rsa | ||
| cert2-example.com.pem.ecdsa | ||
| cert2-example.com.pem.rsa | ||
| client1.pem | ||
| client2_expired.pem | ||
| client3_revoked.pem | ||
| common.crt | ||
| common.key | ||
| common.pem | ||
| crl-auth.pem | ||
| del_ssl_crt-list.vtc | ||
| ecdsa.crt | ||
| ecdsa.key | ||
| ecdsa.pem | ||
| filters.crt-list | ||
| interCA1_crl_empty.pem | ||
| interCA1_crl.pem | ||
| interCA2_crl_empty.pem | ||
| interCA2_crl.pem | ||
| localhost.crt-list | ||
| new_del_ssl_cafile.vtc | ||
| new_del_ssl_crlfile.vtc | ||
| README | ||
| rootCA_crl.pem | ||
| set_cafile_client.pem | ||
| set_cafile_interCA1.crt | ||
| set_cafile_interCA2.crt | ||
| set_cafile_rootCA.crt | ||
| set_cafile_server.pem | ||
| set_default_cert.crt-list | ||
| set_default_cert.pem | ||
| set_ssl_cafile.vtc | ||
| set_ssl_cert_bundle.vtc | ||
| set_ssl_cert_noext.vtc | ||
| set_ssl_cert.vtc | ||
| set_ssl_crlfile.vtc | ||
| set_ssl_server_cert.vtc | ||
| show_ocsp_server.pem | ||
| show_ocsp_server.pem.issuer | ||
| show_ocsp_server.pem.ocsp | ||
| show_ocsp_server.pem.ocsp.revoked | ||
| show_ssl_ocspresponse.vtc | ||
| simple.crt-list | ||
| ssl_client_auth.vtc | ||
| ssl_client_samples.vtc | ||
| ssl_crt-list_filters.vtc | ||
| ssl_default_server.vtc | ||
| ssl_errors.vtc | ||
| ssl_frontend_samples.vtc | ||
| ssl_server_samples.vtc | ||
| ssl_simple_crt-list.vtc | ||
| wrong_ctx_storage.vtc | ||
File list: - common.pem: PEM file which may be used by most of the VTC files.