MEDIUM: ssl: improve crt-list format to support negation
Improve the crt-list file format to allow a rule to negate a certain SNI :
<crtfile> [[!]<snifilter> ...]
This can be useful when a domain supports a wildcard but you don't want to
deliver the wildcard cert for certain specific domains.
diff --git a/include/types/ssl_sock.h b/include/types/ssl_sock.h
index 1ded15e..a0b2d79 100644
--- a/include/types/ssl_sock.h
+++ b/include/types/ssl_sock.h
@@ -28,6 +28,7 @@
struct sni_ctx {
SSL_CTX *ctx; /* context associated to the certificate */
int order; /* load order for the certificate */
+ int neg; /* reject if match */
struct ebmb_node name; /* node holding the servername value */
};