Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 655e26af24c5b265e29840a1af911c6deae631b2
commit655e26af24c5b265e29840a1af911c6deae631b2[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Tue Jul 15 18:58:05 2008 +0200
committerWilly Tarreau <w@1wt.eu>Wed Jul 16 10:30:06 2008 +0200
tree4cc86136b25a5ed7135dfc139fe8d376942fc7bf
parent4a26d2f2fa965e4003b3bf28e5c1d601f94f6582 [diff]
[MINOR] acl: add req_ssl_ver in TCP, to match an SSL version

This new keyword matches an dotted version mapped into an integer.
It permits to match an SSL message protocol version just as if it
was an integer, so that it is easy to map ranges, like this :

	acl obsolete_ssl  req_ssl_ver   lt 3
	acl correct_ssl   req_ssl_ver   3.0-3.1
	acl invalid_ssl   req_ssl_ver   gt 3.1

Both SSLv2 hello messages and SSLv3 messages are supported. The
test tries to be strict enough to avoid being easily fooled. In
particular, it waits for as many bytes as announced in the message
header if this header looks valid (bound to the buffer size).

The same decoder will be usable with minor changes to check the
response messages.
2 files changed
tree: 4cc86136b25a5ed7135dfc139fe8d376942fc7bf
  1. contrib/
  2. doc/
  3. examples/
  4. include/
  5. src/
  6. tests/
  7. .gitignore
  8. CHANGELOG
  9. CONTRIB
  10. LICENSE
  11. Makefile
  12. Makefile.bsd
  13. Makefile.osx
  14. README
  15. ROADMAP
  16. SUBVERS
  17. TODO
  18. VERDATE
  19. VERSION