Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 07c3d78c2c0693ee37db71c34723597638b6ab3f
commit07c3d78c2c0693ee37db71c34723597638b6ab3f[log] [tgz]
authorThierry FOURNIER / OZON.IO <thierry.fournier@ozon.io>Thu Oct 06 10:56:48 2016 +0200
committerWilly Tarreau <w@1wt.eu>Mon Oct 24 19:13:12 2016 +0200
tree4d8d1ba403b85d6d75f41f13d74b66aa163c6e01
parent7a3bd3b9dc43509bb1869389dcf91e35c0155f9b [diff]
BUG/MINOR: ssl: prevent multiple entries for the same certificate

Today, the certificate are indexed int he SNI tree using their CN and the
list of thier AltNames. So, Some certificates have the same names in the
CN and one of the AltNames entries.

Typically Let's Encrypt duplicate the the DNS name in the CN and the
AltName.

This patch prevents the creation of identical entries in the trees. It
checks the same DNS name and the same SSL context.

If the same certificate is registered two time it will be duplicated.

This patch should be backported in the 1.6 and 1.5 version.
1 file changed
tree: 4d8d1ba403b85d6d75f41f13d74b66aa163c6e01
  1. contrib/
  2. doc/
  3. ebtree/
  4. examples/
  5. include/
  6. scripts/
  7. src/
  8. tests/
  9. .gitignore
  10. CHANGELOG
  11. CONTRIBUTING
  12. LICENSE
  13. MAINTAINERS
  14. Makefile
  15. README
  16. ROADMAP
  17. SUBVERS
  18. VERDATE
  19. VERSION