git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Willy Tarreau <w@1wt.eu>
	Tue, 15 Jul 2008 16:58:05 +0000 (18:58 +0200)
committer	Willy Tarreau <w@1wt.eu>
	Wed, 16 Jul 2008 08:30:06 +0000 (10:30 +0200)
commit	655e26af24c5b265e29840a1af911c6deae631b2
tree	4cc86136b25a5ed7135dfc139fe8d376942fc7bf	tree
parent	4a26d2f2fa965e4003b3bf28e5c1d601f94f6582	commit \| diff

[MINOR] acl: add req_ssl_ver in TCP, to match an SSL version

This new keyword matches an dotted version mapped into an integer.
It permits to match an SSL message protocol version just as if it
was an integer, so that it is easy to map ranges, like this :

acl obsolete_ssl  req_ssl_ver   lt 3
acl correct_ssl   req_ssl_ver   3.0-3.1
acl invalid_ssl   req_ssl_ver   gt 3.1

Both SSLv2 hello messages and SSLv3 messages are supported. The
test tries to be strict enough to avoid being easily fooled. In
particular, it waits for as many bytes as announced in the message
header if this header looks valid (bound to the buffer size).

The same decoder will be usable with minor changes to check the
response messages.

src/proto_tcp.c		diff \| blob \| blame \| history
tests/test-inspect-ssl.cfg	[new file with mode: 0644]	blob