commit | 960fb74cae15cf00030fda22836284989fe5a1c0 | [log] [tgz] |
---|---|---|
author | William Lallemand <wlallemand@haproxy.org> | Thu Nov 03 16:31:50 2022 +0100 |
committer | William Lallemand <wlallemand@haproxy.org> | Thu Nov 10 13:28:37 2022 +0100 |
tree | 0fb27bdeccbf9c419095cefec3a3ae4f0ffc757a | |
parent | 9b25982716f0416c28f8fc894c58eb40885cf9e5 [diff] |
MEDIUM: ssl: {ca,crt}-ignore-err can now use error constant name The ca-ignore-err and crt-ignore-err directives are now able to use the openssl X509_V_ERR constant names instead of the numerical values. This allow a configuration to survive an OpenSSL upgrade, because the numerical ID can change between versions. For example X509_V_ERR_INVALID_CA was 24 in OpenSSL 1 and is 79 in OpenSSL 3. The list of errors must be updated when a new major OpenSSL version is released.