Hi all,
So the long-awaited dev12 is here, with native SSL support on both
sides supporting SNI and wildcard certs, that was developed by the
Exceliance team.
We got many useful reports since the last post on the subject, thanks to
all those who contributed some feedback! All known build bugs were fixed.
I won't explain here again what changes were done, it's too long :-)
Since last post, we worked on integrating support for SNI because most of
the responders asked for it. So now it's possible on a "bind" line to load
as many certs as needed, and they'll be matched depending on the domains
they're valid for. Wildcards are supported too. And since certs are loaded
in trees, matching them is cheap even if you're dealing with tens of
thousands of virtual domains.
We have also added some ACLs to match the use of SSL for a connection and
to match presence/value of the SNI extension, as we think it will usually
be needed as well in virtual hosting environments.
Warning, we have changed the SSL config syntax since last version. Since
loading multiple certs is possible, we now use the word "crt" before the
certs. So that now looks like this :

    bind :443 ssl crt default.pem crt /etc/haproxy/certs.d

SSL aside, there are some other new features such as IPv6 transparent mode,
"base" pattern/acl to match a concatenation of the Host header and the URI,
"urlp_val" ACL to match a url parameter's value, support for the "nice"
keyword on "bind" lines to change the priority of sessions using this bind
line (useful to limit SSL CPU impact), the ability to clear/feed stick-table
entries on the stats CLI, and the usual set of halog features and optims.
Many bugs were fixed, and many were certainly introduced. If you observe any
bug, please report it, as I'd rather issue -dev13 quickly with many fixes.
I'm not appending the changelog, it's too large. The usual pointers follow :
Site index : http://haproxy.1wt.eu/
Sources : http://haproxy.1wt.eu/download/1.5/src/devel/
Changelog : http://haproxy.1wt.eu/download/1.5/src/CHANGELOG
Exceliance : http://www.exceliance.fr/en/
Willy
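
The SNI certificate selection described in the post (many certs on one "bind" line, matched by the domains they are valid for, wildcards included) can be modelled as below. This is an added example, not code from the post or from HAProxy: it uses hash maps where the post says HAProxy uses trees, and the class name, the file names under certs.d, the fallback to default.pem and the one-label wildcard rule are assumptions.

```python
# Added illustration, not HAProxy source. Class and file names are hypothetical.
from typing import Dict, Iterable, Optional


class CertStore:
    """Picks a certificate for a TLS SNI name: exact match, wildcard, default."""

    def __init__(self, default_cert: str) -> None:
        self.default_cert = default_cert
        self.exact: Dict[str, str] = {}     # "www.example.com" -> cert file
        self.wildcard: Dict[str, str] = {}  # ".example.com" -> cert file

    def load(self, cert_file: str, names: Iterable[str]) -> None:
        """Index one certificate under every name it is valid for."""
        for name in names:
            name = name.lower().rstrip(".")
            if name.startswith("*."):
                self.wildcard.setdefault(name[1:], cert_file)
            else:
                self.exact.setdefault(name, cert_file)

    def select(self, sni: Optional[str]) -> str:
        """Return the cert file to present for the SNI value (None if absent)."""
        if not sni:
            return self.default_cert
        host = sni.lower().rstrip(".")
        if host in self.exact:
            return self.exact[host]
        # A wildcard covers exactly one leftmost label: strip it and look up
        # the remainder, so "a.b.example.com" does not match "*.example.com".
        dot = host.find(".")
        if dot > 0 and host[dot:] in self.wildcard:
            return self.wildcard[host[dot:]]
        return self.default_cert


def sample_store() -> CertStore:
    """Constructed sample data mirroring the 'bind' line in the post."""
    store = CertStore("default.pem")
    store.load("/etc/haproxy/certs.d/shop.pem", ["shop.example.com"])
    store.load("/etc/haproxy/certs.d/wild.pem", ["*.example.com", "example.com"])
    store.load("/etc/haproxy/certs.d/other.pem", ["www.example.org"])
    return store


if __name__ == "__main__":
    s = sample_store()
    for name in ("shop.example.com", "API.example.com", "a.b.example.com", None):
        print(name, "->", s.select(name))
```

Each lookup is at most two keyed probes whatever the number of loaded certs, which is why selection stays cheap with tens of thousands of virtual domains.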