Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / aa0d6372922882f58b54f851dfd7ca1f5a71b26d
commitaa0d6372922882f58b54f851dfd7ca1f5a71b26d[log] [tgz]
authorEmmanuel Hocdet <manu@gandi.net>Wed Aug 09 11:24:25 2017 +0200
committerWilly Tarreau <w@1wt.eu>Wed Aug 09 16:30:28 2017 +0200
tree8b90a63ca792d42d9d23c3ea08214dc7a9e0d778
parent3169471964fdc49963e63f68c1fd88686821a0c4 [diff]
MINOR: ssl: allow to start without certificate if strict-sni is set

With strict-sni, ssl connection will fail if no certificate match. Have no
certificate in bind line, fail on all ssl connections. It's ok with the
behavior of strict-sni. When 'generate-certificates' is set 'strict-sni' is
never used. When 'strict-sni' is set, default_ctx is never used. Allow to start
without certificate only in this case.

Use case is to start haproxy with ssl before customer start to use certificates.
Typically with 'crt' on a empty directory and 'strict-sni' parameters.
1 file changed
tree: 8b90a63ca792d42d9d23c3ea08214dc7a9e0d778
  1. contrib/
  2. doc/
  3. ebtree/
  4. examples/
  5. include/
  6. scripts/
  7. src/
  8. tests/
  9. .gitignore
  10. CHANGELOG
  11. CONTRIBUTING
  12. LICENSE
  13. MAINTAINERS
  14. Makefile
  15. README
  16. ROADMAP
  17. SUBVERS
  18. VERDATE
  19. VERSION