Hi Iliya, Team, Gentle ping on this. Can I assist with providing more information?
Shimi. On Mon, Jul 6, 2020 at 4:29 PM Gersner <gers...@gmail.com> wrote: > The current implementation fallbacks to the default context certificate if > I recall correctly. No certificate will be generated in that case. > > On Mon, Jul 6, 2020 at 3:01 PM Илья Шипицин <chipits...@gmail.com> wrote: > >> Hello, Gersner. >> >> smal question. what will happen if client does not provide SNI (and we >> are supposed to create certificate)? >> >> пн, 6 июл. 2020 г. в 05:12, <gers...@gmail.com>: >> >>> From: Shimi Gersner <sgers...@microsoft.com> >>> >>> Hi Team, Ilya, >>> >>> Following the conversation yesterday I have added a fix and manually >>> tested the following openssl variants >>> - openssl-{1.0.1e,1.0.2u,1.1.1g} >>> - libressl-{2.9.2,3.1.1} >>> >>> Additionally I have re-ran travis/cirrus >>> - https://travis-ci.com/github/gersner/haproxy/builds/174353855 >>> - https://cirrus-ci.com/build/5482853758664704 >>> >>> >>> PR Reference >>> https://github.com/Azure/haproxy/tree/wip/sgersner/ca-sign-extra >>> >>> Thanks, >>> Shimi. >>> >>> >>> Shimi Gersner (2): >>> MEDIUM: ssl: Support certificate chaining for certificate generation >>> SMALL: ssl: Support SAN extension for certificate generation >>> >>> doc/configuration.txt | 16 ++++ >>> include/haproxy/listener-t.h | 5 +- >>> src/cfgparse-ssl.c | 29 +++++++ >>> src/ssl_sock.c | 153 +++++++++++++++++++++++++---------- >>> 4 files changed, 158 insertions(+), 45 deletions(-) >>> >>> -- >>> 2.27.0 >>> >>>