git.ipfire.org Git - thirdparty/haproxy.git/commit
MEDIUM: ssl: {ca,crt}-ignore-err can now use error constant name
author William Lallemand <wlallemand@haproxy.org>
Thu, 3 Nov 2022 15:31:50 +0000 (16:31 +0100)
committer William Lallemand <wlallemand@haproxy.org>
Thu, 10 Nov 2022 12:28:37 +0000 (13:28 +0100)
commit 960fb74cae15cf00030fda22836284989fe5a1c0
tree 0fb27bdeccbf9c419095cefec3a3ae4f0ffc757a
parent 9b25982716f0416c28f8fc894c58eb40885cf9e5
MEDIUM: ssl: {ca,crt}-ignore-err can now use error constant name

The ca-ignore-err and crt-ignore-err directives are now able to use the
OpenSSL X509_V_ERR constant names instead of the numerical values.

This allows a configuration to survive an OpenSSL upgrade, because the
numerical ID can change between versions. For example
X509_V_ERR_INVALID_CA was 24 in OpenSSL 1 and is 79 in OpenSSL 3.

The list of errors must be updated when a new major OpenSSL version is
released.
doc/configuration.txt
include/haproxy/ssl_utils.h
reg-tests/ssl/ssl_client_auth.vtc
src/cfgparse-ssl.c
src/ssl_utils.c
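
An added example (not part of this commit or of HAProxy's code): a small Python audit that finds numeric IDs in `ca-ignore-err` / `crt-ignore-err`, so they can be replaced with X509_V_ERR constant names before an OpenSSL upgrade changes their meaning. The sample configuration, the `audit` function and its one-entry ID table are constructed for illustration; the only ID mapping used is the one the commit message states.

```python
import re

# Constructed sample configuration (not from the HAProxy repository).
SAMPLE_CFG = """\
frontend fe_mtls
    bind :8443 ssl crt /etc/haproxy/site.pem ca-file /etc/haproxy/ca.pem verify optional ca-ignore-err 24 crt-ignore-err 10,X509_V_ERR_CERT_REVOKED
    bind :9443 ssl crt /etc/haproxy/site.pem ca-file /etc/haproxy/ca.pem verify required crt-ignore-err all
    # bind :7443 ssl crt-ignore-err 23
"""

DIRECTIVE = re.compile(r"\b(ca-ignore-err|crt-ignore-err)\s+(\S+)")

# The only ID mapping used here is the one the commit message gives:
# X509_V_ERR_INVALID_CA was 24 in OpenSSL 1 (and is 79 in OpenSSL 3).
OPENSSL1_NAMES = {24: "X509_V_ERR_INVALID_CA"}


def audit(cfg_text):
    """Return findings as (line_no, directive, token, kind, note) tuples."""
    findings = []
    for line_no, raw in enumerate(cfg_text.splitlines(), start=1):
        # Simplification: treat everything after '#' as a comment.
        line = raw.split("#", 1)[0]
        for directive, value in DIRECTIVE.findall(line):
            for token in filter(None, value.split(",")):
                if token == "all":
                    kind, note = "all", "every verify error is ignored"
                elif token.isdigit():
                    name = OPENSSL1_NAMES.get(int(token))
                    kind = "numeric"
                    note = ("ID depends on the OpenSSL version"
                            + (f"; was {name} in OpenSSL 1" if name else ""))
                elif token.startswith("X509_V_ERR_"):
                    kind, note = "name", "stable across OpenSSL versions"
                else:
                    kind, note = "unknown", "not a number, 'all' or X509_V_ERR_*"
                findings.append((line_no, directive, token, kind, note))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CFG):
        print("line %d: %s %s [%s] %s" % f)
```

Each `numeric` finding is a value to re-check against the OpenSSL version HAProxy is actually linked with, since the same number can select a different verification error after an upgrade.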