RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
haproxy/reg-tests/ssl
History
Willy Tarreau 68574dd492 MEDIUM: log: add the client's SNI to the default HTTPS log format 
During a troublehooting it came obvious that the SNI always ought to
be logged on httpslog, as it explains errors caused by selection of
the default certificate (or failure to do so in case of strict-sni).

This expectation was also confirmed on the mailing list.

Since the field may be empty it appeared important not to leave an
empty string in the current format, so it was decided to place the
field before a '/' preceding the SSL version and ciphers, so that
in the worst case a missing field leads to a field looking like
"/TLSv1.2/AES...", though usually a missing element still results
in a "-" in logs.

This will change the log format for users who already deployed the
2.5-dev versions (hence the medium level) but no released version
was using this format yet so there's no harm for stable deployments.
The reg-test was updated to check for "-" there since we don't send
SNI in reg-tests.

Link: https://www.mail-archive.com/haproxy@formilux.org/msg41410.html
Cc: William Lallemand <wlallemand@haproxy.org>
 		2021-11-06 09:20:07 +01:00
..
README
add_ssl_crt-list.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
ca-auth.crt
cert1-example.com.pem.ecdsa REGTESTS: ssl: "set ssl cert" and multi-certificates bundle 2021-04-02 15:47:17 +02:00
cert1-example.com.pem.rsa REGTESTS: ssl: "set ssl cert" and multi-certificates bundle 2021-04-02 15:47:17 +02:00
cert2-example.com.pem.ecdsa REGTESTS: ssl: "set ssl cert" and multi-certificates bundle 2021-04-02 15:47:17 +02:00
cert2-example.com.pem.rsa REGTESTS: ssl: "set ssl cert" and multi-certificates bundle 2021-04-02 15:47:17 +02:00
client1.pem
client2_expired.pem
client3_revoked.pem
common.crt REGTEST: ssl: test "set ssl cert" with separate key / crt 2020-10-23 18:41:08 +02:00
common.key REGTEST: ssl: test "set ssl cert" with separate key / crt 2020-10-23 18:41:08 +02:00
common.pem
crl-auth.pem
del_ssl_crt-list.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
ecdsa.crt REGTEST: ssl: test "set ssl cert" with separate key / crt 2020-10-23 18:41:08 +02:00
ecdsa.key REGTEST: ssl: test "set ssl cert" with separate key / crt 2020-10-23 18:41:08 +02:00
ecdsa.pem
filters.crt-list REGTEST: ssl: test wildcard and multi-type + exclusions 2020-11-06 14:59:36 +01:00
interCA1_crl.pem REGTESTS: ssl: Add "set/commit ssl crl-file" test 2021-05-17 10:50:24 +02:00
interCA1_crl_empty.pem REGTESTS: ssl: Add "set/commit ssl crl-file" test 2021-05-17 10:50:24 +02:00
interCA2_crl.pem REGTESTS: ssl: Add "set/commit ssl crl-file" test 2021-05-17 10:50:24 +02:00
interCA2_crl_empty.pem REGTESTS: ssl: Add "set/commit ssl crl-file" test 2021-05-17 10:50:24 +02:00
localhost.crt-list
new_del_ssl_cafile.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
new_del_ssl_crlfile.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
rootCA_crl.pem REGTESTS: ssl: Add "set/commit ssl crl-file" test 2021-05-17 10:50:24 +02:00
set_cafile_client.pem REGTESTS: ssl: Add new ca-file update tests 2021-05-17 10:50:24 +02:00
set_cafile_interCA1.crt REGTESTS: ssl: Add new ca-file update tests 2021-05-17 10:50:24 +02:00
set_cafile_interCA2.crt REGTESTS: ssl: Add new ca-file update tests 2021-05-17 10:50:24 +02:00
set_cafile_rootCA.crt REGTESTS: ssl: Add new ca-file update tests 2021-05-17 10:50:24 +02:00
set_cafile_server.pem REGTESTS: ssl: Add new ca-file update tests 2021-05-17 10:50:24 +02:00
set_default_cert.crt-list BUG/MINOR: ssl: Fix update of default certificate 2021-03-26 13:06:29 +01:00
set_default_cert.pem BUG/MINOR: ssl: Fix update of default certificate 2021-03-26 13:06:29 +01:00
set_ssl_cafile.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
set_ssl_cert.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
set_ssl_cert_bundle.vtc REGTESTS: ssl: re-enable set_ssl_cert_bundle.vtc 2021-10-14 11:06:16 +02:00
set_ssl_cert_noext.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
set_ssl_crlfile.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
set_ssl_server_cert.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
show_ocsp_server.pem REGTESTS: ssl: Add "show ssl ocsp-response" test 2021-06-10 16:44:11 +02:00
show_ocsp_server.pem.issuer REGTESTS: ssl: Add "show ssl ocsp-response" test 2021-06-10 16:44:11 +02:00
show_ocsp_server.pem.ocsp REGTESTS: ssl: Add "show ssl ocsp-response" test 2021-06-10 16:44:11 +02:00
show_ocsp_server.pem.ocsp.revoked REGTESTS: ssl: Add "show ssl ocsp-response" test 2021-06-10 16:44:11 +02:00
show_ssl_ocspresponse.vtc REGTESTS: ssl: wrong feature cmd in show_ssl_ocspresponse.vtc 2021-09-30 18:45:18 +02:00
simple.crt-list BUG/MEDIUM: ssl/crt-list: correctly insert crt-list line if crt already loaded 2020-11-06 16:39:39 +01:00
ssl_client_auth.vtc REGTESTS: Remove REQUIRE_VERSION=1.6 from all tests 2021-06-11 19:21:28 +02:00
ssl_client_samples.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
ssl_crt-list_filters.vtc REGTESTS: ssl: enable ssl_crt-list_filters.vtc again 2021-09-30 15:39:59 +02:00
ssl_default_server.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
ssl_errors.vtc MEDIUM: log: add the client's SNI to the default HTTPS log format 2021-11-06 09:20:07 +01:00
ssl_frontend_samples.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
ssl_server_samples.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
ssl_simple_crt-list.vtc CLEANUP: reg-tests: Remove obsolete no-htx parameter for reg-tests 2021-06-04 15:41:21 +02:00
wrong_ctx_storage.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00

README 

File list:
 - common.pem: PEM file which may be used by most of the VTC files.