upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-04-15 21:59:41 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
haproxy/include
History
William Lallemand 7120c77b14 MEDIUM: ssl: support for ECDA+RSA certificate selection with AWS-LC 
AWS-LC does not support the SSL_CTX_set_client_hello_cb() function from
OpenSSL which allows to analyze ciphers and signatures algorithm of the
ClientHello. However it supports the SSL_CTX_set_select_certificate_cb()
which allows the same thing but was the implementation from the
boringSSL side.

This patch uses the SSL_CTX_set_select_certificate_cb() as well as the
SSL_early_callback_ctx_extension_get() function to get the signature
algorithms.

This was successfully tested with openssl s_client as well as
testssl.sh.

This should allow to enable more reg-tests that depend on certificate
selection.

Require at least AWS-LC 1.22.0.
2024-06-13 19:36:40 +02:00
..
haproxy MEDIUM: ssl: support for ECDA+RSA certificate selection with AWS-LC 2024-06-13 19:36:40 +02:00
import MINOR: ist: define iststrip() new function 2024-04-26 11:29:25 +02:00
make BUILD: makefile: support USE_xxx=0 as well 2024-04-11 11:06:19 +02:00