Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 770bc8a07c984547857cc6f033a594ed761e57ae
commit770bc8a07c984547857cc6f033a594ed761e57ae[log] [tgz]
authorJerome Magnin <jmagnin@haproxy.com>Wed Apr 22 11:40:18 2020 +0200
committerWilly Tarreau <w@1wt.eu>Thu May 07 18:10:15 2020 +0200
treec692c17de61a91d0dd22da8e1cb494493b20bb02
parent46c517f2ef2c2883a7c299a41d661ad5cbf10df6 [diff]
BUG/MINOR: ssl: default settings for ssl server options are not used

Documentation states that default settings for ssl server options can be set
using either ssl-default-server-options or default-server directives. In practice,
not all ssl server options can have default values, such as ssl-min-ver, ssl-max-ver,
etc..

This patch adds the missing ssl options in srv_ssl_settings_cpy() and srv_parse_ssl(),
making it possible to write configurations like the following examples, and have them
behave as expected.

   global
     ssl-default-server-options ssl-max-ver TLSv1.2

   defaults
     mode http

   listen l1
     bind 1.2.3.4:80
     default-server ssl verify none
     server s1 1.2.3.5:443

   listen l2
     bind 2.2.3.4:80
     default-server ssl verify none ssl-max-ver TLSv1.3 ssl-min-ver TLSv1.2
     server s1 1.2.3.6:443

This should be backported as far as 1.8.
This fixes issue #595.

(cherry picked from commit 2e8d52f869ed7673a8274ec7b045161e09350251)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit bd0ace790d81fcbd3331f34db500bedb41fc4a89)
Signed-off-by: Willy Tarreau <w@1wt.eu>
2 files changed
tree: c692c17de61a91d0dd22da8e1cb494493b20bb02
  1. .github/
  2. contrib/
  3. doc/
  4. ebtree/
  5. examples/
  6. include/
  7. reg-tests/
  8. scripts/
  9. src/
  10. tests/
  11. .cirrus.yml
  12. .gitignore
  13. .travis.yml
  14. BRANCHES
  15. CHANGELOG
  16. CONTRIBUTING
  17. INSTALL
  18. LICENSE
  19. MAINTAINERS
  20. Makefile
  21. README
  22. ROADMAP
  23. SUBVERS
  24. VERDATE
  25. VERSION