mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-01-10 07:49:54 +00:00
haproxy public development tree
9543d5ad5b
In case of error while calling a SSL_read or SSL_write, the SSL_get_error function is called in order to know more about the error that happened. If the error code is SSL_ERROR_SSL or SSL_ERROR_SYSCALL, the error queue might contain more information on the error. This error code was not used until now. But we now need to store it in order for backend error fetches to catch all handshake related errors. The change was required because the previous backend fetch would not have raised anything if the client's certificate was rejected by the server (and the connection interrupted). This happens because starting from TLS1.3, the 'Finished' state on the client is reached before its certificate is sent to the server (see the "Protocol Overview" part of RFC 8446). The only place where we can detect that the server rejected the certificate is after the first SSL_read call after the SSL_do_handshake function. This patch then adds an extra ERR_peek_error after the SSL_read and SSL_write calls in ssl_sock_to_buf and ssl_sock_from_buf. This means that it could set an error code in the SSL context a long time after the handshake is over, hence the change in the error fetches. |
||
|---|---|---|
| .github | ||
| addons | ||
| admin | ||
| dev | ||
| doc | ||
| examples | ||
| include | ||
| reg-tests | ||
| scripts | ||
| src | ||
| tests | ||
| .cirrus.yml | ||
| .gitattributes | ||
| .gitignore | ||
| .mailmap | ||
| .travis.yml | ||
| BRANCHES | ||
| CHANGELOG | ||
| CONTRIBUTING | ||
| INSTALL | ||
| LICENSE | ||
| MAINTAINERS | ||
| Makefile | ||
| README | ||
| ROADMAP | ||
| SUBVERS | ||
| VERDATE | ||
| VERSION | ||
The HAProxy documentation has been split into a number of different files for ease of use. Please refer to the following files depending on what you're looking for : - INSTALL for instructions on how to build and install HAProxy - BRANCHES to understand the project's life cycle and what version to use - LICENSE for the project's license - CONTRIBUTING for the process to follow to submit contributions The more detailed documentation is located into the doc/ directory : - doc/intro.txt for a quick introduction on HAProxy - doc/configuration.txt for the configuration's reference manual - doc/lua.txt for the Lua's reference manual - doc/SPOE.txt for how to use the SPOE engine - doc/network-namespaces.txt for how to use network namespaces under Linux - doc/management.txt for the management guide - doc/regression-testing.txt for how to use the regression testing suite - doc/peers.txt for the peers protocol reference - doc/coding-style.txt for how to adopt HAProxy's coding style - doc/internals for developer-specific documentation (not all up to date)