upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-20 00:10:41 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 14
haproxy/include
History
Christopher Faulet 48a8332a4a BUG/MEDIUM: ssl: Fix regression about certificates generation 
Since the commit f6b37c67 ["BUG/MEDIUM: ssl: in bind line, ssl-options after
'crt' are ignored."], the certificates generation is broken.

To generate a certificate, we retrieved the private key of the default
certificate using the SSL object. But since the commit f6b37c67, the SSL object
is created with a dummy certificate (initial_ctx).

So to fix the bug, we use directly the default certificate in the bind_conf
structure. We use SSL_CTX_get0_privatekey function to do so. Because this
function does not exist for OpenSSL < 1.0.2 and for LibreSSL, it has been added
in openssl-compat.h with the right #ifdef.
2017-07-28 18:25:18 +02:00
..
common MINOR: memory: remove macros 2017-07-21 09:54:03 +02:00
import CLEANUP: da: move global settings out of the global section 2016-12-21 21:30:54 +01:00
proto BUG/MEDIUM: ssl: Fix regression about certificates generation 2017-07-28 18:25:18 +02:00
types MINOR: ssl: add "no-ca-names" parameter for bind 2017-07-28 15:20:48 +02:00