commit | c5fdf0f3dcf91435c943742eaf338167e761dede | [log] [tgz] |
---|---|---|
author | Emmanuel Hocdet <manu@gandi.net> | Mon Nov 04 15:49:46 2019 +0100 |
committer | William Lallemand <wlallemand@haproxy.org> | Mon Nov 18 14:58:27 2019 +0100 |
tree | f586a00d43c32ab7acb75b6c4fa6059211e75bbe | |
parent | c3775d28f9be97696e4ded94bf647c0d34cf9f54 [diff] |
BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1 Certificate selection in client_hello_cb (openssl >= 1.1.1) correctly handles crt-list neg filter. Certificate selection for openssl < 1.1.1 has not been touched for a while: crt-list neg filter is not the same than his counterpart and is wrong. Fix it to mimic the same behavior has is counterpart. It should be backported as far as 1.6.