Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 37cfc783fe371d8841ba69e32c0e8e3401499a2a
commit37cfc783fe371d8841ba69e32c0e8e3401499a2a[log] [tgz]
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>Fri Mar 26 10:47:50 2021 +0100
committerWilliam Lallemand <wlallemand@haproxy.org>Wed Mar 31 10:00:30 2021 +0200
treef463e0130f59ed1fb31bfcff1a3bc9870658d97d
parent358a82232edb885c466159b9ed487dd8ec8fb226 [diff]
BUG/MINOR: ssl: Prevent removal of crt-list line if the instance is a default one

If the first active line of a crt-list file is also the first mentioned
certificate of a frontend that does not have the strict-sni option
enabled, then its certificate will be used as the default one. We then
do not want this instance to be removable since it would make a frontend
lose its default certificate.
Considering that a crt-list file can be used by multiple frontends, and
that its first mentioned certificate can be used as default certificate
for only a subset of those frontends, we do not want the line to be
removable for some frontends and not the others. So if any of the ckch
instances corresponding to a crt-list line is a default instance, the
removal of the crt-list line will be forbidden.

It can be backported as far as 2.2.

(cherry picked from commit bc2c386992decb1ec8b0096f0b2ffd860e9cd559)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
2 files changed
tree: f463e0130f59ed1fb31bfcff1a3bc9870658d97d
  1. .github/
  2. contrib/
  3. doc/
  4. examples/
  5. include/
  6. reg-tests/
  7. scripts/
  8. src/
  9. tests/
  10. .cirrus.yml
  11. .gitattributes
  12. .gitignore
  13. .travis.yml
  14. BRANCHES
  15. CHANGELOG
  16. CONTRIBUTING
  17. INSTALL
  18. LICENSE
  19. MAINTAINERS
  20. Makefile
  21. README
  22. ROADMAP
  23. SUBVERS
  24. VERDATE
  25. VERSION