upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-04-08 18:36:18 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
haproxy/src
History
Willy Tarreau 287f32fd01 MINOR: listener: automatically enable SSL if a QUIC transport is found 
When a bind line is configured without the "ssl" keyword, a warning is
emitted and a crash happens at runtime:

   bind quic4@:4449 crt rsa+dh2048.pem alpn h3 allow-0rtt

   [WARNING]  (17867) : config : Proxy 'decrypt': A certificate was specified but SSL was not enabled on bind 'quic4@:4449' at [quic-mini.cfg:24] (use 'ssl').

Let's automatically turn SSL on when QUIC is detected, as it doesn't
exist without SSL anyway. It solves the runtime issue, and also makes
sure it is not possible to accidentally configure a quic listener with
no certificate since the error is detected via the SSL checks.

A warning is emitted in this case, to encourage the user to fix the
configuration so that it remains reviewable.
2022-05-20 18:41:55 +02:00
..
acl.c MINOR: acl: alphanumerically sort the ACL dump 2022-03-30 11:49:59 +02:00
action.c BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments 2022-04-25 15:28:21 +02:00
activity.c CLEANUP: applet: remove the unneeded appctx->owner 2022-05-13 14:28:48 +02:00
applet.c MINOR: conn-stream/applet: Stop setting appctx as the endpoint context 2022-05-17 16:13:22 +02:00
arg.c MINOR: arg: Be able to forbid unresolved args when building an argument list 2021-09-30 16:37:05 +02:00
auth.c BUILD: auth: include missing list.h 2021-05-08 12:29:51 +02:00
backend.c CLEANUP: muxes: make mux->attach/detach take a conn_stream endpoint 2022-05-13 14:28:48 +02:00
base64.c BUG/MINOR: base64: base64urldec() ignores padding in output size check 2021-08-25 16:14:14 +02:00
cache.c CLEANUP: applet: remove the unneeded appctx->owner 2022-05-13 14:28:48 +02:00
calltrace.c BUILD: calltrace: fix wrong include when building with TRACE=1 2022-04-19 08:23:30 +02:00
cbuf.c CLEANUP: tree-wide: remove a few rare non-ASCII chars 2022-03-04 08:58:32 +01:00
cfgcond.c MINOR: ssl: Add ssllib_name_startswith precondition 2021-10-13 11:28:08 +02:00
cfgdiag.c CLEANUP: assorted typo fixes in the code and comments 2021-04-26 10:42:58 +02:00
cfgparse-global.c MINOR: config: Add "cluster-secret" new global keyword 2022-05-12 17:48:35 +02:00
cfgparse-listen.c MINOR: config: use the new bind_parse_args_list() to parse a "bind" line 2022-05-20 18:39:43 +02:00
cfgparse-quic.c CLEANUP: listener: replace bind_conf->quic_force_retry with BC_O_QUIC_FORCE_RETRY 2022-05-20 18:41:51 +02:00
cfgparse-ssl.c MINOR: listener/ssl: set the SSL xprt layer only once the whole config is known 2022-05-20 18:41:55 +02:00
cfgparse-tcp.c CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h 2022-04-26 10:59:48 +02:00
cfgparse-unix.c CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h 2022-04-26 10:59:48 +02:00
cfgparse.c MINOR: listener: automatically select a QUIC mux with a QUIC transport 2022-05-20 18:41:55 +02:00
channel.c CLEANUP: tree-wide: Remove any ref to stream-interfaces 2022-04-13 15:10:16 +02:00
check.c MEDIUM: check: Use the CS to handle subscriptions for read/write events 2022-05-19 10:12:38 +02:00
chunk.c CLEANUP: chunks: release trash also in deinit 2022-04-27 17:55:41 +02:00
cli.c CLEANUP: applet: remove the unneeded appctx->owner 2022-05-13 14:28:48 +02:00
clock.c REORG: thread/clock: move the clock parts of thread_info to thread_ctx 2021-10-08 17:22:26 +02:00
compression.c CLEANUP: compression: move the default setting of maxzlibmem to defaults 2022-04-25 19:42:43 +02:00
conn_stream.c MEDIUM: check: Use the CS to handle subscriptions for read/write events 2022-05-19 10:12:38 +02:00
connection.c MINOR: connection: add flag MX_FL_FRAMED to mark muxes relying on framed xprt 2022-05-20 18:41:55 +02:00
cpuset.c BUILD: cpuset: do not use const on the source of CPU_AND/CPU_ASSIGN 2022-01-28 19:04:02 +01:00
debug.c CLEANUP: applet: remove the unneeded appctx->owner 2022-05-13 14:28:48 +02:00
dgram.c REORG: dgram: rename proto_udp to dgram 2020-06-11 10:18:59 +02:00
dict.c CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec 2021-04-07 18:18:37 +02:00
dns.c MINOR: applet: Add API to start applet on a thread subset 2022-05-17 16:13:22 +02:00
dynbuf.c REORG: thread/sched: move the last dynamic thread_info to thread_ctx 2021-10-08 17:22:26 +02:00
eb32sctree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
eb32tree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
eb64tree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
ebimtree.c CLEANUP: include: tree-wide alphabetical sort of include files 2020-06-11 10:18:59 +02:00
ebistree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
ebmbtree.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
ebpttree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
ebsttree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
ebtree.c BUG/MEDIUM: ebtree: use a byte-per-byte memcmp() to compare memory blocks 2020-06-16 11:30:33 +02:00
errors.c CLEANUP: ring: pass the ring watch flags to ring_attach_cli(), not in ctx.cli 2022-05-06 18:13:36 +02:00
ev_epoll.c BUILD: pollers: use an initcall to register the pollers 2022-04-25 19:00:55 +02:00
ev_evports.c BUILD: pollers: use an initcall to register the pollers 2022-04-25 19:00:55 +02:00
ev_kqueue.c BUILD: pollers: use an initcall to register the pollers 2022-04-25 19:00:55 +02:00
ev_poll.c BUILD: pollers: use an initcall to register the pollers 2022-04-25 19:00:55 +02:00
ev_select.c BUILD: pollers: use an initcall to register the pollers 2022-04-25 19:00:55 +02:00
extcheck.c MINOR: ext-check: indicate the transport and protocol of a server 2022-05-13 16:06:29 +02:00
fcgi-app.c MEDIUM: http-ana: Add a proxy option to restrict chars in request header names 2022-05-16 16:00:26 +02:00
fcgi.c CLEANUP: Reapply ist.cocci with --include-headers-for-types --recursive-includes 2022-03-21 08:30:47 +01:00
fd.c BUILD: fd: disguise the fd_set_nonblock/cloexec result 2022-04-27 10:52:21 +02:00
filters.c CLEANUP: tree-wide: Remove any ref to stream-interfaces 2022-04-13 15:10:16 +02:00
fix.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
flt_http_comp.c BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags 2022-04-15 16:22:33 +02:00
flt_spoe.c BUG/MINOR: spoe: Fix error handling in spoe_init_appctx() 2022-05-18 09:04:53 +02:00
flt_trace.c CLEANUP: Apply ist.cocci 2021-11-08 12:08:26 +01:00
freq_ctr.c CLEANUP: tree-wide: remove unneeded include time.h in ~20 files 2021-10-07 01:41:14 +02:00
frontend.c CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h 2022-04-26 10:59:48 +02:00
h1.c CLEANUP: Reapply ist.cocci with --include-headers-for-types --recursive-includes 2022-03-21 08:30:47 +01:00
h1_htx.c BUG/MEDIUM: mux-h1: Don't request more room on partial trailers 2022-04-14 11:57:06 +02:00
h2.c CLEANUP: Reapply ist.cocci with --include-headers-for-types --recursive-includes 2022-03-21 08:30:47 +01:00
h3.c MINOR: mux-quic: implement MAX_STREAM_DATA emission 2022-05-18 16:25:07 +02:00
haproxy.c MINOR: quic: Add tune.quic.retry-threshold keyword 2022-05-20 17:11:13 +02:00
hash.c REORG: include: move base64.h, errors.h and hash.h from common to to haproxy/ 2020-06-11 10:18:56 +02:00
hlua.c MINOR: applet: Add API to start applet on a thread subset 2022-05-17 16:13:22 +02:00
hlua_fcn.c CLEANUP: Add missing header to hlua_fcn.c 2022-05-17 11:40:33 +02:00
hpack-dec.c BUILD/DEBUG: hpack: use unsigned int in printf format in debug code 2022-04-12 08:40:38 +02:00
hpack-enc.c CLEANUP: include: tree-wide alphabetical sort of include files 2020-06-11 10:18:59 +02:00
hpack-huff.c OPTIM: hpack: read 32 bits at once when possible. 2022-04-01 17:29:06 +02:00
hpack-tbl.c BUILD/DEBUG: hpack-tbl: fix format string in standalone debug code 2022-04-12 08:30:08 +02:00
hq_interop.c MINOR: mux-quic: implement MAX_STREAM_DATA emission 2022-05-18 16:25:07 +02:00
http.c MINOR: http: Add 422-Unprocessable-Content error message 2021-09-28 16:21:25 +02:00
http_acl.c CLEANUP: acl: don't reference the generic pattern deletion function anymore 2020-11-05 19:27:09 +01:00
http_act.c BUG/MINOR: http-act: make release_http_redir() more robust 2022-04-25 16:09:26 +02:00
http_ana.c CLEANUP: http_ana: Make use of the return value of stream_generate_unique_id() 2022-05-18 07:19:01 +02:00
http_client.c CLEANUP: httpclient: Remove useless test on ss_dst in httpclient_applet_init() 2022-05-18 09:29:33 +02:00
http_conv.c BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples 2022-04-08 10:12:59 +02:00
http_fetch.c CLEANUP: tree-wide: Remove any ref to stream-interfaces 2022-04-13 15:10:16 +02:00
http_htx.c CLEANUP: Destroy http_err_chunks members during deinit 2022-04-26 23:39:43 +02:00
http_rules.c BUILD: http: remove the two unused constructors in rules and ana 2022-04-25 19:26:26 +02:00
htx.c BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks() 2022-02-28 17:16:55 +01:00
init.c MINOR: init: add the pre-check callback 2022-04-22 15:45:47 +02:00
jwt.c BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls 2022-02-15 20:08:20 +01:00
lb_chash.c MINOR: server: replace the pendconns-related stuff with a struct queue 2021-06-22 18:43:14 +02:00
lb_fas.c MINOR: server: replace the pendconns-related stuff with a struct queue 2021-06-22 18:43:14 +02:00
lb_fwlc.c BUG/MEDIUM: leastconn: fix rare possibility of divide by zero 2021-09-22 07:24:02 +02:00
lb_fwrr.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
lb_map.c MINOR: server: replace the pendconns-related stuff with a struct queue 2021-06-22 18:43:14 +02:00
listener.c MINOR: listener: automatically enable SSL if a QUIC transport is found 2022-05-20 18:41:55 +02:00
log.c MINOR: protocol: replace ctrl_type with xprt_type and clarify it 2022-05-20 18:39:43 +02:00
lru.c BUILD/DEBUG: lru: fix printf format in debug code 2022-04-12 08:19:33 +02:00
mailers.c BUG/MINOR: mailers: negotiate SMTP, not ESMTP 2022-02-17 15:45:59 +01:00
map.c CLEANUP: applet: remove the unneeded appctx->owner 2022-05-13 14:28:48 +02:00
mjson.c MINOR: sample: converter: Add mjson library. 2021-04-15 17:05:38 +02:00
mqtt.c MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1 2022-03-22 09:25:52 +01:00
mux_fcgi.c CLEANUP: muxes: make mux->attach/detach take a conn_stream endpoint 2022-05-13 14:28:48 +02:00
mux_h1.c CLEANUP: conn_stream: merge cs_new_from_{mux,applet} into cs_new_from_endp() 2022-05-13 14:28:48 +02:00
mux_h2.c CLEANUP: conn_stream: merge cs_new_from_{mux,applet} into cs_new_from_endp() 2022-05-13 14:28:48 +02:00
mux_pt.c CLEANUP: conn_stream: merge cs_new_from_{mux,applet} into cs_new_from_endp() 2022-05-13 14:28:48 +02:00
mux_quic.c MINOR: connection: add flag MX_FL_FRAMED to mark muxes relying on framed xprt 2022-05-20 18:41:55 +02:00
mworker-prog.c BUILD: mworker: include tools.h for platforms without unsetenv() 2022-01-28 19:04:02 +01:00
mworker.c CLEANUP: applet: remove the unneeded appctx->owner 2022-05-13 14:28:48 +02:00
namespace.c REORG: include: move the error reporting functions to from log.h to errors.h 2020-06-11 10:18:59 +02:00
ncbuf.c MINOR: ncbuf: refactor ncb_advance() 2022-05-18 15:30:13 +02:00
pattern.c CLEANUP: Add haproxy/xxhash.h to avoid modifying import/xxhash.h 2021-09-11 19:58:45 +02:00
payload.c REORG: conn_stream: move conn-stream stuff in dedicated files 2022-02-24 11:00:02 +01:00
peers.c CLEANUP: peers: Remove unreachable code in peer_session_create() 2022-05-18 09:04:53 +02:00
pipe.c CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec 2021-04-07 18:18:37 +02:00
pool.c CLEANUP: applet: remove the unneeded appctx->owner 2022-05-13 14:28:48 +02:00
proto_quic.c MINOR: protocol: replace ctrl_type with xprt_type and clarify it 2022-05-20 18:39:43 +02:00
proto_sockpair.c MINOR: protocol: replace ctrl_type with xprt_type and clarify it 2022-05-20 18:39:43 +02:00
proto_tcp.c MINOR: protocol: replace ctrl_type with xprt_type and clarify it 2022-05-20 18:39:43 +02:00
proto_udp.c MINOR: protocol: replace ctrl_type with xprt_type and clarify it 2022-05-20 18:39:43 +02:00
proto_uxdg.c MINOR: protocol: replace ctrl_type with xprt_type and clarify it 2022-05-20 18:39:43 +02:00
proto_uxst.c MINOR: protocol: replace ctrl_type with xprt_type and clarify it 2022-05-20 18:39:43 +02:00
protocol.c MINOR: protocol: replace ctrl_type with xprt_type and clarify it 2022-05-20 18:39:43 +02:00
proxy.c CLEANUP: applet: remove the unneeded appctx->owner 2022-05-13 14:28:48 +02:00
qpack-dec.c MEDIUM: mux-quic/h3/qpack: use ncbuf for uni streams 2022-05-13 17:29:49 +02:00
qpack-enc.c MINOR: h3/qpack: fix gcc11 warnings 2021-11-08 08:59:30 +01:00
qpack-tbl.c CLEANUP: tree-wide: remove a few rare non-ASCII chars 2022-03-04 08:58:32 +01:00
queue.c MEDIUM: stream: remove the confusing SF_ADDR_SET flag 2022-05-02 16:56:01 +02:00
quic_cc.c CLEANUP: tree-wide: remove a few rare non-ASCII chars 2022-03-04 08:58:32 +01:00
quic_cc_newreno.c CLEANUP: quic: Remove window redundant variable from NewReno algorithm state struct 2022-03-04 17:47:32 +01:00
quic_frame.c CLEANUP: quic: wrong use of eb*entry() macro 2022-05-12 17:48:35 +02:00
quic_loss.c BUG/MINOR: quic: Missing time threshold multiplifier for loss delay computation 2022-04-29 16:46:56 +02:00
quic_sock.c MINOR: quic: Move quic_lstnr_dgram_dispatch() out of xprt_quic.c 2022-05-20 16:57:12 +02:00
quic_stats.c MINOR: quic_stats: Add a new stats module for QUIC 2022-05-20 17:11:13 +02:00
quic_stream.c CLEANUP: quic: wrong use of eb*entry() macro 2022-05-12 17:48:35 +02:00
quic_tls.c MINOR: quic_tls: Add quic_tls_decrypt2() implementation 2022-05-20 16:57:12 +02:00
raw_sock.c MINOR: tree-wide: always consider EWOULDBLOCK in addition to EAGAIN 2022-04-25 20:32:15 +02:00
regex.c OPTIM: regex: PCRE2 use JIT match when JIT optimisation occured. 2020-08-14 07:53:40 +02:00
resolvers.c MINOR: protocol: replace ctrl_type with xprt_type and clarify it 2022-05-20 18:39:43 +02:00
ring.c CLEANUP: applet: remove the unneeded appctx->owner 2022-05-13 14:28:48 +02:00
sample.c MEDIUM: backend: add new "balance hash <expr>" algorithm 2022-04-25 16:09:26 +02:00
server.c CLEANUP: applet: remove the unneeded appctx->owner 2022-05-13 14:28:48 +02:00
server_state.c BUILD: server-state: avoid using not-so-portable isblank() 2022-01-28 19:04:02 +01:00
session.c BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd() 2022-03-11 07:25:11 +01:00
sha1.c BUILD: use inttypes.h instead of stdint.h 2019-04-01 07:44:56 +02:00
shctx.c MINOR: shctx: add a few BUG_ON() for consistency checks 2021-11-19 19:25:13 +01:00
signal.c CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion 2021-04-21 09:20:17 +02:00
sink.c MINOR: applet: Add API to start applet on a thread subset 2022-05-17 16:13:22 +02:00
slz.c IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode 2021-12-06 09:14:20 +01:00
sock.c MINOR: connection: get rid of the CO_FL_ADDR_*_SET flags 2022-05-02 17:47:46 +02:00
sock_inet.c CLEANUP: tree-wide: use fd_set_nonblock() and fd_set_cloexec() 2022-04-26 10:59:48 +02:00
sock_unix.c CLEANUP: tree-wide: use fd_set_nonblock() and fd_set_cloexec() 2022-04-26 10:59:48 +02:00
ssl_ckch.c BUG/MINOR: ssl: Fix crash when no private key is found in pem 2022-05-17 15:51:41 +02:00
ssl_crtlist.c CLEANUP: applet: remove the unneeded appctx->owner 2022-05-13 14:28:48 +02:00
ssl_sample.c CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h 2022-04-26 10:59:48 +02:00
ssl_sock.c CLEANUP: listener: replace bind_conf->generate_cers with BC_O_GENERATE_CERTS 2022-05-20 18:39:43 +02:00
ssl_utils.c CLEANUP: Add missing header to ssl_utils.c 2022-05-17 11:40:33 +02:00
stats.c CLEANUP: applet: remove the unneeded appctx->owner 2022-05-13 14:28:48 +02:00
stick_table.c CLEANUP: applet: remove the unneeded appctx->owner 2022-05-13 14:28:48 +02:00
stream.c CLEANUP: http_ana: Make use of the return value of stream_generate_unique_id() 2022-05-18 07:19:01 +02:00
task.c BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks 2022-02-14 20:10:43 +01:00
tcp_act.c BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port] 2022-05-06 17:02:15 +02:00
tcp_rules.c CLEANUP: tree-wide: Remove any ref to stream-interfaces 2022-04-13 15:10:16 +02:00
tcp_sample.c CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h 2022-04-26 10:59:48 +02:00
tcpcheck.c MEDIUM: check: Use the CS to handle subscriptions for read/write events 2022-05-19 10:12:38 +02:00
thread.c CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h 2022-04-26 10:59:48 +02:00
time.c REORG: time: move time-keeping code and variables to clock.c 2021-10-08 17:22:26 +02:00
tools.c CLEANUP: config: provide cleare hints about unsupported QUIC addresses 2022-05-20 18:39:43 +02:00
trace.c BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner 2022-03-18 17:43:28 +01:00
uri_auth.c CLEANUP: Compare the return value of XXXcmp() functions with zero 2021-01-04 10:09:02 +01:00
uri_normalizer.c MINOR: uri_normalizer: Add fragment-encode normalizer 2021-05-11 17:24:32 +02:00
vars.c CLEANUP: vars: move the per-process variables initialization to vars.c 2022-02-23 17:11:33 +01:00
version.c BUILD: Fix build by including haproxy/global.h 2020-06-16 23:36:04 +02:00
wdt.c BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized 2022-05-13 11:28:08 +02:00
xprt_handshake.c BUILD: xprt: use an initcall to register the transport layers 2022-04-25 19:18:24 +02:00
xprt_quic.c CLEANUP: listener: replace bind_conf->quic_force_retry with BC_O_QUIC_FORCE_RETRY 2022-05-20 18:41:51 +02:00