The current implementation fallbacks to the default context certificate if
I recall correctly. No certificate will be generated in that case.

On Mon, Jul 6, 2020 at 3:01 PM Илья Шипицин <chipits...@gmail.com> wrote:

> Hello, Gersner.
>
> smal question. what will happen if client does not provide SNI (and we are
> supposed to create certificate)?
>
> пн, 6 июл. 2020 г. в 05:12, <gers...@gmail.com>:
>
>> From: Shimi Gersner <sgers...@microsoft.com>
>>
>> Hi Team, Ilya,
>>
>> Following the conversation yesterday I have added a fix and manually
>> tested the following openssl variants
>>   - openssl-{1.0.1e,1.0.2u,1.1.1g}
>>   - libressl-{2.9.2,3.1.1}
>>
>> Additionally I have re-ran travis/cirrus
>>   - https://travis-ci.com/github/gersner/haproxy/builds/174353855
>>   - https://cirrus-ci.com/build/5482853758664704
>>
>>
>> PR Reference
>> https://github.com/Azure/haproxy/tree/wip/sgersner/ca-sign-extra
>>
>> Thanks,
>> Shimi.
>>
>>
>> Shimi Gersner (2):
>>   MEDIUM: ssl: Support certificate chaining for certificate generation
>>   SMALL: ssl: Support SAN extension for certificate generation
>>
>>  doc/configuration.txt        |  16 ++++
>>  include/haproxy/listener-t.h |   5 +-
>>  src/cfgparse-ssl.c           |  29 +++++++
>>  src/ssl_sock.c               | 153 +++++++++++++++++++++++++----------
>>  4 files changed, 158 insertions(+), 45 deletions(-)
>>
>> --
>> 2.27.0
>>
>>

Reply via email to