1. b5a3d58 DOC: configuration: update the crt-list documentation by William Lallemand · 6 months ago
  2. f3e225d BUG/MINOR: ssl: load correctly @system-ca when ca-base is define by William Lallemand · 1 year, 1 month ago
  3. 3ccfc10 BUG/MINOR: quic: allow-0rtt warning must only be emitted with quic bind by William Lallemand · 1 year, 3 months ago
  4. 0277c68 MINOR: quic+openssl_compat: Emit an alert for "allow-0rtt" option by Frédéric Lécaille · 1 year, 3 months ago
  5. b6ae2aa MINOR: ssl: allow to change the signature algorithm for client authentication by William Lallemand · 1 year, 7 months ago
  6. 1d3c822 MINOR: ssl: allow to change the server signature algorithm by William Lallemand · 1 year, 7 months ago
  7. 158c18e MINOR: config: add "no-alpn" support for bind lines by Willy Tarreau · 1 year, 7 months ago
  8. 5843237 MINOR: ssl: Add global options to modify ocsp update min/max delay by Remi Tricot-Le Breton · 1 year, 9 months ago
  9. af67806 MINOR: ssl: rename confusing ssl_bind_kws by William Lallemand · 1 year, 10 months ago
  10. c57fb3b MINOR: cfgparse-ssl: avoid a possible crash on OOM in ssl_bind_parse_npn() by Willy Tarreau · 1 year, 11 months ago
  11. c8d814e MINOR: ssl: Move OCSP code to a dedicated source file by Remi Tricot-Le Breton · 2 years ago
  12. aff8277 MEDIUM: ssl: Start update task if at least one ocsp-update option is set to on by Remi Tricot-Le Breton · 2 years ago
  13. 03c5fff MINOR: ssl: Add crt-list ocsp-update option by Remi Tricot-Le Breton · 2 years ago
  14. f813dab BUG/MINOR: ssl: crt-ignore-err memory leak with 'all' parameter by William Lallemand · 2 years ago
  15. 380085d CLEANUP: ssl: remove printf in bind_parse_ignore_err by William Lallemand · 2 years ago
  16. 960fb74 MEDIUM: ssl: {ca,crt}-ignore-err can now use error constant name by William Lallemand · 2 years, 1 month ago
  17. 9b25982 BUG/MEDIUM: ssl: Verify error codes can exceed 63 by Remi Tricot-Le Breton · 2 years, 1 month ago
  18. 2071a99 MINOR: listener/ssl: set the SSL xprt layer only once the whole config is known by Willy Tarreau · 2 years, 6 months ago
  19. 1ea6e6a CLEANUP: listener: replace bind_conf->generate_cers with BC_O_GENERATE_CERTS by Willy Tarreau · 2 years, 6 months ago
  20. 11ba404 CLEANUP: listener: replace all uses of bind_conf->is_ssl with BC_O_USE_SSL by Willy Tarreau · 2 years, 6 months ago
  21. ccc0355 MINOR: ssl: Add 'ssl-provider-path' global option by Remi Tricot-Le Breton · 2 years, 6 months ago
  22. 1746a38 MINOR: ssl: Add 'ssl-provider' global option by Remi Tricot-Le Breton · 2 years, 7 months ago
  23. e809765 MINOR: ssl: Add 'ssl-propquery' global option by Remi Tricot-Le Breton · 2 years, 7 months ago
  24. 393e42a BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation by Willy Tarreau · 2 years, 7 months ago
  25. 1024393 MINOR: ssl: add a new global option "tune.ssl.hard-maxrecord" by Thomas Prückl · 2 years, 7 months ago
  26. 7e2e4f8 CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h by Willy Tarreau · 2 years, 7 months ago
  27. d7bfbe2 BUILD: ssl: add USE_ENGINE and disable the openssl engine by default by William Lallemand · 2 years, 8 months ago
  28. 2c776f1 BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server by William Lallemand · 2 years, 11 months ago
  29. 0d1dd0e BUILD: cfgparse-ssl: add missing errors.h by Willy Tarreau · 3 years, 2 months ago
  30. 79b90e8 MINOR: server: enable more keywords for ssl checks for dynamic servers by Amaury Denoyelle · 3 years, 2 months ago
  31. 310a260 MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size by Marcin Deranek · 3 years, 5 months ago
  32. 34897d2 MINOR: ssl: support ssl keyword for dynamic servers by Amaury Denoyelle · 3 years, 6 months ago
  33. 71f9a06 MINOR: ssl: enable a series of ssl keywords for dynamic servers by Amaury Denoyelle · 3 years, 6 months ago
  34. fde8260 MINOR: ssl: support crl arg for dynamic servers by Amaury Denoyelle · 3 years, 6 months ago
  35. 93be21e MINOR: ssl: support crt arg for dynamic servers by Amaury Denoyelle · 3 years, 6 months ago
  36. 4825502 MINOR: ssl: support ca-file arg for dynamic servers by Amaury Denoyelle · 3 years, 6 months ago
  37. 7addf56 MINOR: ssl: split parse functions for alpn/check-alpn by Amaury Denoyelle · 3 years, 6 months ago
  38. 36aa451 MINOR: ssl: render file-access optional on server crt loading by Amaury Denoyelle · 3 years, 6 months ago
  39. 1f9333b MINOR: ssl: check allocation in parse npn/sni by Amaury Denoyelle · 3 years, 6 months ago
  40. cbbf87f MINOR: ssl: check allocation in parse ciphers/ciphersuites/verifyhost by Amaury Denoyelle · 3 years, 6 months ago
  41. 949c94e MINOR: ssl: check allocation in ssl_sock_init_srv by Amaury Denoyelle · 3 years, 6 months ago
  42. 722180a BUILD: make tune.ssl.keylog available again by William Lallemand · 3 years, 6 months ago
  43. 0bb4824 MINOR: ssl: Add a cafile_entry type field by Remi Tricot-Le Breton · 3 years, 8 months ago
  44. af8820a CLEANUP: ssl: Move ssl_store related code to ssl_ckch.c by Remi Tricot-Le Breton · 3 years, 8 months ago
  45. cc81eca BUILD: config: cfgparse-ssl.c needs tools.h by Willy Tarreau · 3 years, 7 months ago
  46. 2b71810 CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion by Willy Tarreau · 3 years, 7 months ago
  47. a0fd35b BUILD: ssl: guard ecdh functions with SSL_CTX_set_tmp_ecdh macro by Ilya Shipitsin · 3 years, 8 months ago
  48. fb00f31 BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" by Remi Tricot-Le Breton · 3 years, 8 months ago
  49. 76e10e7 MINOR: server: prepare parsing for dynamic servers by Amaury Denoyelle · 3 years, 9 months ago
  50. 0182516 CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy by Willy Tarreau · 3 years, 9 months ago
  51. 61cfdf4 CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) by Willy Tarreau · 3 years, 9 months ago
  52. bb470aa MINOR: ssl: Remove client_crt member of the server's ssl context by Remi Tricot-Le Breton · 3 years, 10 months ago
  53. d817dc7 MEDIUM: ssl: Load client certificates in a ckch for backend servers by Remi Tricot-Le Breton · 3 years, 10 months ago
  54. e5ff141 CLEANUP: Compare the return value of `XXXcmp()` functions with zero by Tim Duesterhus · 3 years, 11 months ago
  55. e50afbd MINOR: cfgparse: Do not modify the QUIC xprt when parsing "ssl". by Frédéric Lécaille · 4 years ago
  56. f34ed0b BUILD: SSL: guard TLS13 ciphersuites with HAVE_SSL_CTX_SET_CIPHERSUITES by Ilya Shipitsin · 4 years ago
  57. bdec3ba BUILD: ssl: use SSL_MODE_ASYNC macro instead of OPENSSL_VERSION by Ilya Shipitsin · 4 years ago
  58. f637044 MEDIUM: cli/ssl: configure ssl on server at runtime by William Dauchy · 4 years ago
  59. fc52f52 MINOR: ssl: create common ssl_ctx init by William Dauchy · 4 years ago
  60. 0aa8c29 BUILD: ssl: use feature macros for detecting ec curves manipulation support by Ilya Shipitsin · 4 years, 1 month ago
  61. 04a5a44 BUILD: ssl: use HAVE_OPENSSL_KEYLOG instead of OpenSSL versions by Ilya Shipitsin · 4 years, 1 month ago
  62. 8e8581e MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate extension by William Lallemand · 4 years, 1 month ago
  63. 9a1d839 BUG/MINOR: ssl: ssl-skip-self-issued-ca requires >= 1.0.2 by William Lallemand · 4 years, 4 months ago
  64. 7d42ef5 WIP/MINOR: ssl: add sample fetches for keylog in frontend by William Lallemand · 4 years, 5 months ago
  65. 6be7849 REORG: include: move cfgparse.h to haproxy/cfgparse.h by Willy Tarreau · 4 years, 6 months ago
  66. 209108d REORG: include: move ssl_sock.h to haproxy/ssl_sock{,-t}.h by Willy Tarreau · 4 years, 6 months ago
  67. 213e990 REORG: include: move listener.h to haproxy/listener{,-t}.h by Willy Tarreau · 4 years, 6 months ago
  68. 6019fab REORG: include: move openssl-compat.h from common/ to haproxy/ by Willy Tarreau · 4 years, 6 months ago
  69. 8d36697 REORG: include: move base64.h, errors.h and hash.h from common to to haproxy/ by Willy Tarreau · 4 years, 6 months ago
  70. 4c7e4b7 REORG: include: update all files to use haproxy/api.h or api-t.h if needed by Willy Tarreau · 4 years, 6 months ago
  71. 8177ad9 MINOR: ssl: split config and runtime variable for ssl-{min,max}-ver by William Lallemand · 4 years, 6 months ago
  72. 5520d6f BUILD: ssl: fix build without OPENSSL_NO_ENGINE by William Lallemand · 4 years, 6 months ago
  73. dad3105 REORG: ssl: move ssl configuration to cfgparse-ssl.c by William Lallemand · 4 years, 7 months ago