Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 8068b03467055e3bd4fa5222a6efad0997e3b1cd
commit8068b03467055e3bd4fa5222a6efad0997e3b1cd[log] [tgz]
authorEmeric Brun <ebrun@haproxy.com>Thu Oct 30 19:25:24 2014 +0100
committerWilly Tarreau <w@1wt.eu>Thu Oct 30 20:03:34 2014 +0100
tree9aee26bb5c850bc2c8322abdfe5795e97e8ea54a
parent42a3e202504a74c2a6ff7b337726cc42ffa57592 [diff]
BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates

Bug reported by John Leach: no-sslv3 does not work using some certificates.

It appears that ssl ctx is not updated with configured options if the
CommonName of the certificate's subject is not found.

It applies only on the first cerificate of a configured bind line.

There is no security impact, because only invalid nameless certficates
are concerned.

This fix must be backported to 1.5
(cherry picked from commit 0bed9945eec049f12638ac3ef82e2084ac4da1c0)
2 files changed
tree: 9aee26bb5c850bc2c8322abdfe5795e97e8ea54a
  1. contrib/
  2. doc/
  3. ebtree/
  4. examples/
  5. include/
  6. src/
  7. tests/
  8. .gitignore
  9. CHANGELOG
  10. LICENSE
  11. Makefile
  12. README
  13. ROADMAP
  14. SUBVERS
  15. VERDATE
  16. VERSION