Hi Manu.

On 02-02-2018 10:49, Emmanuel Hocdet wrote:
Hi Aleks

On 1 Feb 2018 at 23:34, Aleksandar Lazic <al-hapr...@none.at> wrote:


------ Original message ------
From: "Emmanuel Hocdet" <m...@gandi.net>
To: "haproxy" <haproxy@formilux.org>
Sent: 01.02.2018 17:54:46
Subject: [PATCH] MINOR: introduce proxy-v2-options for send-proxy-v2


This patch introduces proxy-v2-options for send-proxy-v2.
The goal is to add more options from doc/proxy-protocol.txt, especially
all TLS information related to security.
Can this function then replace the current ones, `send-proxy-v2-ssl-cn` && `send-proxy-v2-ssl`?

Yes and no, you must add send-proxy-v2 to activate proxy-v2.

Let's say when the option is 'ssl-cn' then add all three flags as in the current `srv_parse_send_proxy_cn` function?


With this suggested solution we offer backward compatibility and the new function is in use.

You must use "send-proxy-v2 proxy-v2-options ssl" for current
You must use "send-proxy-v2 proxy-v2-options cert-cn" for current

Next options should be authority, cert-key, cert-sig, ssl-cipher.

Maybe in the next step there could be a 'tlv' option which can decode custom TLVs?

Just some brainstorming ;-)

What do you mean?

Haproxy is naturally a producer for ‘tlv’ options (for sure when
related to ssl). I don’t know how ‘tlv’ options (other than netns)
could be really useful to consume; passthru could be more useful.

How about this example.


How to parse custom PROXY protocol v2 header for custom routing in HAProxy configuration?

This describes a case for AWS's own header in PP2, PP2_SUBTYPE_AWS_VPCE_ID. I know it's not easy, but it may be worth discussing how to use the free fields in PP2 for some ACLs.



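For readers following the TLV discussion above, here is an added example (not code from this thread or from HAProxy) of how a receiver can walk the TLVs of a PROXY protocol v2 header and pull out the AWS VPC endpoint ID while rejecting inconsistent lengths. The function names, the sample addresses and the endpoint ID are constructed for illustration; the numeric constants are the ones defined in the PROXY protocol v2 specification.

```python
import struct

# Constants as defined in the PROXY protocol v2 specification.
PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"
PP2_TYPE_AWS = 0xEA
PP2_SUBTYPE_AWS_VPCE_ID = 0x01
# Address block size per address family (high nibble of the 14th byte).
ADDR_LEN = {0x1: 12, 0x2: 36, 0x3: 216}

def parse_tlvs(header):
    """Return [(type, value), ...] from a PROXY v2 header, checking every length."""
    if len(header) < 16 or header[:12] != PP2_SIGNATURE or header[12] >> 4 != 2:
        raise ValueError("not a PROXY v2 header")
    (length,) = struct.unpack("!H", header[14:16])
    if len(header) < 16 + length:
        raise ValueError("truncated header")
    payload = header[16:16 + length]
    addr_len = ADDR_LEN.get(header[13] >> 4)
    if addr_len is None:  # AF_UNSPEC or unknown family: report no TLVs
        return []
    if addr_len > len(payload):
        raise ValueError("address block overruns header")
    pos, tlvs = addr_len, []
    while pos < len(payload):
        if pos + 3 > len(payload):
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack("!BH", payload[pos:pos + 3])
        pos += 3
        if pos + tlv_len > len(payload):
            raise ValueError("TLV value overruns header")
        tlvs.append((tlv_type, payload[pos:pos + tlv_len]))
        pos += tlv_len
    return tlvs

def aws_vpce_id(header):
    """Return the VPC endpoint ID carried in the AWS TLV, or None if absent."""
    for tlv_type, value in parse_tlvs(header):
        if tlv_type == PP2_TYPE_AWS and value[:1] == bytes([PP2_SUBTYPE_AWS_VPCE_ID]):
            return value[1:].decode("ascii")
    return None

def build_sample(tlv_bytes):
    """Constructed header: PROXY command, TCP over IPv4, documentation addresses."""
    addrs = bytes([192, 0, 2, 10, 198, 51, 100, 20]) + struct.pack("!HH", 51234, 443)
    body = addrs + tlv_bytes
    return PP2_SIGNATURE + bytes([0x21, 0x11]) + struct.pack("!H", len(body)) + body

VPCE = b"vpce-0123456789abcdef0"  # constructed sample value
SAMPLE = build_sample(struct.pack("!BH", PP2_TYPE_AWS, 1 + len(VPCE)) + b"\x01" + VPCE)

if __name__ == "__main__":
    print(aws_vpce_id(SAMPLE))
```

A value extracted this way is only as trustworthy as the peer that sent the header, so route on it only for connections from sources allowed to send PROXY headers.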