]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cbaaec4) | patch
MEDIUM: config: implement maxsslconn in the global section
authorWilly Tarreau <w@1wt.eu>
Thu, 6 Sep 2012 09:58:37 +0000 (11:58 +0200)
committerWilly Tarreau <w@1wt.eu>
Thu, 6 Sep 2012 10:10:43 +0000 (12:10 +0200)
commit403edff4b81e6e7dacc0a71e293101898fb292f4
tree4b267709c50ebb7d938e8e418d05c5c89146a61atree | snapshot
parentcbaaec475c55d65d21ce87d221e69545ae63b75acommit | diff
MEDIUM: config: implement maxsslconn in the global section

SSL connections take a huge amount of memory, and unfortunately openssl
does not check malloc() returns and easily segfaults when too many
connections are used.

The only solution against this is to provide a global maxsslconn setting
to reject SSL connections above the limit in order to avoid reaching
unsafe limits.
doc/configuration.txt diff | blob | blame | history
include/types/global.h diff | blob | blame | history
src/cfgparse.c diff | blob | blame | history
src/haproxy.c diff | blob | blame | history
src/ssl_sock.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git