MEDIUM: ssl: improve crt-list format to support negation Improve the crt-list file format to allow a rule to negate a certain SNI : <crtfile> [[!]<snifilter> ...] This can be useful when a domain supports a wildcard but you don't want to deliver the wildcard cert for certain specific domains.

commit: 7c41a1b59b005a75914121a604ede449374b8de7 [log] [tgz]
author: Emmanuel Hocdet <manu@gandi.net> Tue May 07 20:20:06 2013 +0200
committer: Willy Tarreau <w@1wt.eu> Tue May 07 22:11:54 2013 +0200
tree: f96c61f3950b7321f99f7fd02388d2195b02c752
parent: 2b5702030daf1f6394cc7c7e0c2cda9ef90ae2e1 [diff] [blame]
diff --git a/include/types/ssl_sock.h b/include/types/ssl_sock.h
index 1ded15e..a0b2d79 100644
--- a/include/types/ssl_sock.h
+++ b/include/types/ssl_sock.h

@@ -28,6 +28,7 @@
 struct sni_ctx {
 	SSL_CTX *ctx;             /* context associated to the certificate */
 	int order;                /* load order for the certificate */
+	int neg;                  /* reject if match */
 	struct ebmb_node name;    /* node holding the servername value */
 };
commit	7c41a1b59b005a75914121a604ede449374b8de7	[log] [tgz]
author	Emmanuel Hocdet <manu@gandi.net>	Tue May 07 20:20:06 2013 +0200
committer	Willy Tarreau <w@1wt.eu>	Tue May 07 22:11:54 2013 +0200
tree	f96c61f3950b7321f99f7fd02388d2195b02c752
parent	2b5702030daf1f6394cc7c7e0c2cda9ef90ae2e1 [diff] [blame]