Hi Emeric, Christopher If you can review when you have time. (3) for Christopher.
This patches allows to support native multicert selection (RSA/ECDSA) and
ssl-min-ver/ ssl-max-ver per certificat with openssl 1.1.1 (boringssl is the
only
one to support this until this patch).
patches:
1) Convert BoringSSL api call (CBS) to ssl-lib independent code.
This is the biggest part and only depend on BoringSSL build (until 2).
2) support openssl 1.1.1 early callback API. It mimic BoringSSL api, and this
is a good news (small patch).
Do we want to push code for openssl 1.1.1 (dev) in haproxy (dev) now?
3) Add generated certificate for early switch-ctx.
Historically this part has been skipped (no supported for boringssl).
There are now a ssl_sock_generate_certificate_from_conn func, but i don’t
understand how this take a real/generated cert.
Christopher, can you take a look?
++
Manu
0001-MEDIUM-ssl-convert-CBS-BoringSSL-api-usage-to-neutra.patch
Description: Binary data
0002-MINOR-ssl-support-Openssl-1.1.1-early-callback-for-s.patch
Description: Binary data
0003-MINOR-ssl-generated-certificate-is-missing-in-switch.patch
Description: Binary data
