]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5e10e44) | patch
BUG/MEDIUM: ssl: OCSP must work with BoringSSL
authorEmmanuel Hocdet <ehocdet@club.fr>
Mon, 26 Oct 2020 12:55:30 +0000 (13:55 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Tue, 27 Oct 2020 08:38:51 +0000 (09:38 +0100)
commita73a222a9863e5f6763786845c1ff9e7e1038c3c
tree8d8a6b4c6835b7c5b33c5932b9deefdc859ff12ctree
parent5e10e44bce78677e2d8ccfc5e8be33fb2c6a6011commit | diff
BUG/MEDIUM: ssl: OCSP must work with BoringSSL

It's a regression from b3201a3e "BUG/MINOR: disable dynamic OCSP load
with BoringSSL". The origin bug is link to 76b4a12 "BUG/MEDIUM: ssl:
memory leak of ocsp data at SSL_CTX_free()": ssl_sock_free_ocsp()
shoud be in #ifndef OPENSSL_IS_BORINGSSL.
To avoid long #ifdef for small code, the BoringSSL part for ocsp load
is isolated in a simple #ifdef.

This must be backported in 2.2 and 2.1
src/ssl_sock.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git