]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 58103bc) | patch
MEDIUM: ssl: temporarily load files by detecting their presence in crt-store
authorWilliam Lallemand <wlallemand@haproxy.com>
Tue, 7 May 2024 07:40:17 +0000 (09:40 +0200)
committerWilliam Lallemand <wlallemand@haproxy.com>
Fri, 17 May 2024 15:35:51 +0000 (17:35 +0200)
commit55e9e95914504f15dfdfaaae71074789e46e9329
tree5b404e5be36f8e61b17e492a740b3f95b40bd042tree
parent58103bc8e60a22d3d7dafade708115dfb7d8e135commit | diff
MEDIUM: ssl: temporarily load files by detecting their presence in crt-store

crt-store is maint to be stricter than your common crt argument on a
bind line, and is supposed to be a declarative format.

However, since the 'ocsp-update' was migrated from ssl_conf to
ckch_conf, the .issuer file is not autodetected anymore when adding a
ocsp-update keyword in a crt-list file, which breaks retro-compatibility.

This patch is a quick fix that will disappear once we are able to be
strict on a crt-store and autodetect on a crt-list.
include/haproxy/ssl_ckch.h diff | blob | blame | history
reg-tests/ssl/crt_store.vtc diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git