mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-02-07 22:12:08 +00:00
61944f7a73
In case of a connection error happening after the SSL handshake is completed, the error code stored in the connection structure would not always be set, hence having some connection failures being described as successful in the fc_conn_err or bc_conn_err sample fetches. The most common case in which it could happen is when the SSL server rejects the client's certificate. The SSL_do_handshake call on the client side would be sucessful because the client effectively sent its client hello and certificate information to the server, but the next call to SSL_read on the client side would raise an SSL_ERROR_SSL code (through the SSL_get_error function) which is decribed in OpenSSL documentation as a non-recoverable and fatal SSL error. This patch ensures that in such a case, the connection's error code is set to a special CO_ERR_SSL_FATAL value. |
||
|---|---|---|
| .. | ||
| design-thoughts | ||
| internals | ||
| lua-api | ||
| 51Degrees-device-detection.txt | ||
| acl.fig | ||
| architecture.txt | ||
| close-options.txt | ||
| coding-style.txt | ||
| configuration.txt | ||
| cookie-options.txt | ||
| DeviceAtlas-device-detection.txt | ||
| gpl.txt | ||
| haproxy.1 | ||
| intro.txt | ||
| lgpl.txt | ||
| linux-syn-cookies.txt | ||
| lua.txt | ||
| management.txt | ||
| netscaler-client-ip-insertion-protocol.txt | ||
| network-namespaces.txt | ||
| peers-v2.0.txt | ||
| peers.txt | ||
| proxy-protocol.txt | ||
| queuing.fig | ||
| regression-testing.txt | ||
| seamless_reload.txt | ||
| SOCKS4.protocol.txt | ||
| SPOE.txt | ||
| WURFL-device-detection.txt | ||