Hi Janusz, On Thu, Mar 05, 2015 at 09:20:54PM +0100, [email protected] wrote: > From: Janusz Dziemidowicz <[email protected]> > > Adds ability to include Signed Certificate Timestamp List in TLS > extension. File containing SCTL must be present at the same path of > the certificate file, suffixed with '.sctl'. This requires OpenSSL > 1.0.2 or later. > --- (...) > This patch also applies cleanly on haproxy 1.5 branch. > > I'm not sure if this is the right way to implement this, so I'm > looking for any comments.
Well, I don't know if it's the right way to implement it, I'll let the SSL experts review your work. However what I can say is that it's the right way to write and submit a patch for quick inclusion. Your code is very clean is the doc is provided as well. Good job for a first patch! Concerning 1.5, we avoid backporting features into 1.5 to avoid reproducing the mess that 1.4 was with regressions. That said, we seldom make a few exceptions when the feature addresses an ongoing problem to expect soon. Here I don't think it's the case, but if everyone thinks it would be nice to have it there, users decide :-) Thanks, Willy
