]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ce6951d) | patch
MEDIUM: ssl/crt-list: warn on negative wildcard filters
authorWilliam Lallemand <wlallemand@haproxy.com>
Fri, 4 Apr 2025 15:13:51 +0000 (17:13 +0200)
committerWilliam Lallemand <wlallemand@haproxy.com>
Fri, 4 Apr 2025 15:13:51 +0000 (17:13 +0200)
commita9ae6b516decf82186fdc715d9931d19d76db084
treed7f5d98516f0d9a27116e94e41e9556f4a080786tree
parentce6951d6f9259f778c0271da54a615c892184691commit | diff
MEDIUM: ssl/crt-list: warn on negative wildcard filters

negative wildcard filters were always a noop, and are not useful for
anything unless you want to use !* alone to remove every name from a
certificate.

This is confusing and the documentation never stated it correctly. This
patch adds a warning during the bind initialization if it founds one,
only !* does not emit a warning.

This patch was done during the debugging of issue #2900.
src/ssl_sock.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git