]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4c044e2) | patch
BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1
authorEmmanuel Hocdet <manu@gandi.net>
Wed, 6 Nov 2019 15:05:34 +0000 (16:05 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Thu, 5 Dec 2019 09:49:24 +0000 (10:49 +0100)
commit3777e3ad14f2ce54b6662fd0db56413dde9ec9fa
treeaa85b6f67d8b9540a6f4ad091a39d8fd99bbfd29tree
parent4c044e274c16fde42863c476449895b0fd603818commit | diff
BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1

It's regression from 9f9b0c6 "BUG/MEDIUM: ECC cert should work with
TLS < v1.2 and openssl >= 1.1.1". Wilcard EC certifcate could be selected
at the expense of specific RSA certificate.
In any case, specific certificate should always selected first, next wildcard.
Reflect this rule in a loop to avoid any bug in certificate selection changes.

Fix issue #394.

It should be backported as far as 1.8.
src/ssl_sock.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git