]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cefbbd9) | patch
MINOR: ssl: deduplicate ca-file
authorEmmanuel Hocdet <manu@gandi.net>
Thu, 24 Oct 2019 09:32:47 +0000 (11:32 +0200)
committerWilliam Lallemand <wlallemand@haproxy.org>
Thu, 28 Nov 2019 10:11:20 +0000 (11:11 +0100)
commitd4f9a60ee2648c9552503d7742530e64d28ab027
tree6bd416eb9f5102edb4557c8721a8005250850c43tree
parentcefbbd98116cc97b43711b784638789c5557e7e6commit | diff
MINOR: ssl: deduplicate ca-file

Typically server line like:
'server-template srv 1-1000 *:443 ssl ca-file ca-certificates.crt'
load ca-certificates.crt 1000 times and stay duplicated in memory.
Same case for bind line: ca-file is loaded for each certificate.
Same 'ca-file' can be load one time only and stay deduplicated in
memory.

As a corollary, this will prevent file access for ca-file when
updating a certificate via CLI.
include/common/openssl-compat.h diff | blob | blame | history
src/ssl_sock.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git