Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 3777e3ad14f2ce54b6662fd0db56413dde9ec9fa
commit3777e3ad14f2ce54b6662fd0db56413dde9ec9fa[log] [tgz]
authorEmmanuel Hocdet <manu@gandi.net>Wed Nov 06 16:05:34 2019 +0100
committerWilliam Lallemand <wlallemand@haproxy.org>Thu Dec 05 10:49:24 2019 +0100
treeaa85b6f67d8b9540a6f4ad091a39d8fd99bbfd29
parent4c044e274c16fde42863c476449895b0fd603818 [diff]
BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1

It's regression from 9f9b0c6 "BUG/MEDIUM: ECC cert should work with
TLS < v1.2 and openssl >= 1.1.1". Wilcard EC certifcate could be selected
at the expense of specific RSA certificate.
In any case, specific certificate should always selected first, next wildcard.
Reflect this rule in a loop to avoid any bug in certificate selection changes.

Fix issue #394.

It should be backported as far as 1.8.
1 file changed
tree: aa85b6f67d8b9540a6f4ad091a39d8fd99bbfd29
  1. .github/
  2. contrib/
  3. doc/
  4. ebtree/
  5. examples/
  6. include/
  7. reg-tests/
  8. scripts/
  9. src/
  10. tests/
  11. .cirrus.yml
  12. .gitignore
  13. .travis.yml
  14. BRANCHES
  15. CHANGELOG
  16. CONTRIBUTING
  17. INSTALL
  18. LICENSE
  19. MAINTAINERS
  20. Makefile
  21. README
  22. ROADMAP
  23. SUBVERS
  24. VERDATE
  25. VERSION