Hi Aleks

> On 1 Feb 2018 at 23:34, Aleksandar Lazic <[email protected]> wrote:
>
> Hi.
>
> ------ Original Message ------
> From: "Emmanuel Hocdet" <[email protected]>
> To: "haproxy" <[email protected]>
> Sent: 01.02.2018 17:54:46
> Subject: [PATCH] MINOR: introduce proxy-v2-options for send-proxy-v2
>
>> Hi,
>>
>> This patch introduces proxy-v2-options for send-proxy-v2.
>> Goal is to add more options from doc/proxy-protocol.txt, especially
>> all TLS information related to security.
> Can then this function replace the current one `send-proxy-v2-ssl-cn` &&
> `send-proxy-v2-ssl`?

yes and no, you must add send-proxy-v2 to activate proxy-v2

> Let's say when the option is 'ssl-cn' then add all three flags as in the
> current `srv_parse_send_proxy_cn` function?
>
> http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/ssl_sock.c;hb=497959290789002b814b9021a737a3c5f14e7407#l7788
> http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/ssl_sock.c;hb=497959290789002b814b9021a737a3c5f14e7407#l7796
>
> We offer with this suggested solution a backward compatibility and the new
> function is in use.
>

you must use "send-proxy-v2 proxy-v2-options ssl" for current send-proxy-v2-ssl
you must use "send-proxy-v2 proxy-v2-options cert-cn" for current send-proxy-v2-ssl-cn
next options should be authority,cert-key,cert-sig,ssl-cipher

> Maybe in the next step there could be a 'tlv' option which can decode custom
> tlv's ?
> http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/connection.c;hb=497959290789002b814b9021a737a3c5f14e7407#l606
>
> Just some brainstorming ;-)
>
> What do you mean?
>

Haproxy is naturally a producer for 'tlv' options (for sure when related to ssl).
I don't know how 'tlv' options (other than netns) could be really useful to consume, passthru could be more useful.

++
Manu
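For the receiving side of the header discussed in this thread, a bounds-checked parser for the PROXY protocol v2 TLVs, as an added example that is not HAProxy code and not part of the original messages. The type constants follow doc/proxy-protocol.txt; the function names and the sample header are constructed for illustration.

```python
import struct

SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte PROXY v2 signature
PP2_TYPE_AUTHORITY, PP2_TYPE_SSL = 0x02, 0x20  # per doc/proxy-protocol.txt
SSL_SUBTYPES = {0x21: "version", 0x22: "cn", 0x23: "cipher",
                0x24: "sig_alg", 0x25: "key_alg"}
ADDR_LEN = {0x00: 0, 0x11: 12, 0x12: 12, 0x21: 36, 0x22: 36}  # UNSPEC, IPv4, IPv6

def iter_tlvs(buf):
    """Yield (type, value) pairs; reject any TLV that overruns its container."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 3:
            raise ValueError("truncated TLV header")
        typ, length = struct.unpack_from("!BH", buf, off)
        if length > len(buf) - off - 3:
            raise ValueError("TLV length exceeds container")
        yield typ, buf[off + 3:off + 3 + length]
        off += 3 + length

def parse_proxy_v2_tlvs(data):
    """Return the authority and SSL TLV contents of one PROXY v2 header."""
    if len(data) < 16 or data[:12] != SIG:
        raise ValueError("not a PROXY v2 header")
    ver_cmd, fam, length = struct.unpack_from("!BBH", data, 12)
    body = data[16:16 + length]
    if ver_cmd >> 4 != 2 or fam not in ADDR_LEN:
        raise ValueError("unsupported version or address family")
    if len(body) != length or length < ADDR_LEN[fam]:
        raise ValueError("declared length does not match payload")
    out = {}
    for typ, val in iter_tlvs(body[ADDR_LEN[fam]:]):
        if typ == PP2_TYPE_AUTHORITY:
            out["authority"] = val.decode("utf-8", "replace")
        elif typ == PP2_TYPE_SSL:
            if len(val) < 5:  # 1-byte client flags + 4-byte verify result
                raise ValueError("short PP2_TYPE_SSL value")
            client, verify = struct.unpack_from("!BI", val, 0)
            ssl = {"client": client, "verified": verify == 0}  # 0 = cert verified
            for sub, sval in iter_tlvs(val[5:]):
                if sub in SSL_SUBTYPES:
                    ssl[SSL_SUBTYPES[sub]] = sval.decode("ascii", "replace")
            out["ssl"] = ssl
    return out

# Constructed sample: TCP/IPv4, client flags 0x07, verify 0, sub-TLV CN "client1"
SSL_VALUE = b"\x07" + b"\x00" * 4 + b"\x22\x00\x07client1"
SAMPLE = (SIG + b"\x21\x11" + struct.pack("!H", 15 + len(SSL_VALUE)) + bytes(12)
          + struct.pack("!BH", PP2_TYPE_SSL, len(SSL_VALUE)) + SSL_VALUE)
```

A consumer should act on these fields only when the connection comes from a proxy it trusts, since any peer able to send the header can set them.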

