Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 545989f37f56b47a52af410e5c41aa0531dd1ef3
commit545989f37f56b47a52af410e5c41aa0531dd1ef3[log] [tgz]
authorOlivier Houchard <ohouchard@haproxy.com>Tue Dec 17 15:39:54 2019 +0100
committerOlivier Houchard <cognet@ci0.org>Tue Dec 17 15:45:38 2019 +0100
tree99ec98b83105ab3ad2acbdf7b33f176850dbdcca
parentcd3732456bda55d4cde9d20651560496c0ab9322 [diff]
BUG/MEDIUM: ssl: Don't set the max early data we can receive too early.

When accepting the max early data, don't set it on the SSL_CTX while parsing
the configuration, as at this point global.tune.maxrewrite may still be -1,
either because it was not set, or because it hasn't been set yet. Instead,
set it for each connection, just after we created the new SSL.
Not doing so meant that we could pretend to accept early data bigger than one
of our buffer.

This should be backported to 2.1, 2.0, 1.9 and 1.8.
1 file changed
tree: 99ec98b83105ab3ad2acbdf7b33f176850dbdcca
  1. .github/
  2. contrib/
  3. doc/
  4. ebtree/
  5. examples/
  6. include/
  7. reg-tests/
  8. scripts/
  9. src/
  10. tests/
  11. .cirrus.yml
  12. .gitignore
  13. .travis.yml
  14. BRANCHES
  15. CHANGELOG
  16. CONTRIBUTING
  17. INSTALL
  18. LICENSE
  19. MAINTAINERS
  20. Makefile
  21. README
  22. ROADMAP
  23. SUBVERS
  24. VERDATE
  25. VERSION