commit | 3777e3ad14f2ce54b6662fd0db56413dde9ec9fa | [log] [tgz] |
---|---|---|
author | Emmanuel Hocdet <manu@gandi.net> | Wed Nov 06 16:05:34 2019 +0100 |
committer | William Lallemand <wlallemand@haproxy.org> | Thu Dec 05 10:49:24 2019 +0100 |
tree | aa85b6f67d8b9540a6f4ad091a39d8fd99bbfd29 | |
parent | 4c044e274c16fde42863c476449895b0fd603818 [diff] |
BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1 It's regression from 9f9b0c6 "BUG/MEDIUM: ECC cert should work with TLS < v1.2 and openssl >= 1.1.1". Wilcard EC certifcate could be selected at the expense of specific RSA certificate. In any case, specific certificate should always selected first, next wildcard. Reflect this rule in a loop to avoid any bug in certificate selection changes. Fix issue #394. It should be backported as far as 1.8.