Hi Iliya, Team,
Gentle ping on this. Can I assist with providing more information?
Shimi.
On Mon, Jul 6, 2020 at 4:29 PM Gersner <gers...@gmail.com> wrote:
> The current implementation fallbacks to the default context certificate if
> I recall correctly. No certificate will be generated in that case.
>
> On Mon, Jul 6, 2020 at 3:01 PM Илья Шипицин <chipits...@gmail.com> wrote:
>
>> Hello, Gersner.
>>
>> smal question. what will happen if client does not provide SNI (and we
>> are supposed to create certificate)?
>>
>> пн, 6 июл. 2020 г. в 05:12, <gers...@gmail.com>:
>>
>>> From: Shimi Gersner <sgers...@microsoft.com>
>>>
>>> Hi Team, Ilya,
>>>
>>> Following the conversation yesterday I have added a fix and manually
>>> tested the following openssl variants
>>> - openssl-{1.0.1e,1.0.2u,1.1.1g}
>>> - libressl-{2.9.2,3.1.1}
>>>
>>> Additionally I have re-ran travis/cirrus
>>> - https://travis-ci.com/github/gersner/haproxy/builds/174353855
>>> - https://cirrus-ci.com/build/5482853758664704
>>>
>>>
>>> PR Reference
>>> https://github.com/Azure/haproxy/tree/wip/sgersner/ca-sign-extra
>>>
>>> Thanks,
>>> Shimi.
>>>
>>>
>>> Shimi Gersner (2):
>>> MEDIUM: ssl: Support certificate chaining for certificate generation
>>> SMALL: ssl: Support SAN extension for certificate generation
>>>
>>> doc/configuration.txt | 16 ++++
>>> include/haproxy/listener-t.h | 5 +-
>>> src/cfgparse-ssl.c | 29 +++++++
>>> src/ssl_sock.c | 153 +++++++++++++++++++++++++----------
>>> 4 files changed, 158 insertions(+), 45 deletions(-)
>>>
>>> --
>>> 2.27.0
>>>
>>>
