Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / b6672b547ad6cc1c8329bece62e9d99df28d1b46
commitb6672b547ad6cc1c8329bece62e9d99df28d1b46[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Mon Dec 12 17:23:41 2011 +0100
committerWilly Tarreau <w@1wt.eu>Mon Dec 12 17:26:23 2011 +0100
tree406382e907d971f880af6585099d1a698a460366
parent82a04566ecbb3e8e01b657240d5031e5faa1310e [diff]
MINOR: acl: add support for TLS server name matching using SNI

Server Name Indication (SNI) is a TLS extension which makes a client
present the name of the server it is connecting to in the client hello.
It allows a transparent proxy to take a decision based on the beginning
of an SSL/TLS stream without deciphering it.

The new ACL "req_ssl_sni" matches the name extracted from the TLS
handshake against a list of names which may be loaded from a file if
needed.
2 files changed
tree: 406382e907d971f880af6585099d1a698a460366
  1. contrib/
  2. doc/
  3. ebtree/
  4. examples/
  5. include/
  6. src/
  7. tests/
  8. .gitignore
  9. CHANGELOG
  10. LICENSE
  11. Makefile
  12. Makefile.bsd
  13. Makefile.osx
  14. README
  15. ROADMAP
  16. SUBVERS
  17. TODO
  18. VERDATE
  19. VERSION