Re: [PR] Skip unsupported ciphers for ecdsa cert

[Emeric Brun]

Hi Marcoen,


Before resubnmit, elease remember to use more explicit variables to know 
server/client side cipher list.

R,
Emeric

On 12/1/20 10:26 AM, Marcoen Hirschberg wrote:
> Thanks, they are now enabled.
> 
> I've fixed boringssl builds and tested it with libressl locally as well.
> 
> I will work within my fork until I'm happy with the code before I submit it 
> again. I made the code more efficient but want to do a bit more testing and 
> need to clean up the commit messages.
> 
> https://github.com/markun/haproxy/pull/1
> 
> On Tue, Dec 1, 2020 at 10:05 AM Илья Шипицин <chipits...@gmail.com 
> <mailto:chipits...@gmail.com>> wrote:
> 
>     You can enable github actions on your fork (by default actions are 
> disabled)
> 
>     It should start several builds including libressl and boringssl
> 
>     On Tue, Dec 1, 2020, 1:14 AM Marcoen Hirschberg <marc...@gmail.com 
> <mailto:marc...@gmail.com>> wrote:
> 
>         Good point, I just tried with boringssl and compilation failed. 
> Thanks for pointing that out.
> 
>         On Mon, Nov 30, 2020 at 8:28 PM Илья Шипицин <chipits...@gmail.com 
> <mailto:chipits...@gmail.com>> wrote:
> 
>             will it run on LibreSSL, BoringSSL ?
> 
>             вт, 1 дек. 2020 г. в 00:26, PR Bot 
> <haproxy-pr-bot-no-re...@ltri.eu <mailto:haproxy-pr-bot-no-re...@ltri.eu>>:
> 
>                 Dear list!
> 
>                 Author: Marcoen Hirschberg <marc...@gmail.com 
> <mailto:marc...@gmail.com>>
>                 Number of patches: 3
> 
>                 This is an automated relay of the Github pull request:
>                    Skip unsupported ciphers for ecdsa cert
> 
>                 Patch title(s):
>                    MINOR: ssl: variable renames for clarity
>                    MINOR: ssl: skip unknown client cipher
>                    BUG/MINOR: ssl: only choose ECDSA cert if server and 
> client have common ECDSA ciphers
> 
>                 Link:
>                    https://github.com/haproxy/haproxy/pull/983
> 
>                 Edit locally:
>                    wget https://github.com/haproxy/haproxy/pull/983.patch && 
> vi 983.patch
> 
>                 Apply locally:
>                    curl https://github.com/haproxy/haproxy/pull/983.patch | 
> git am -
> 
>                 Description:
> 
> 
>                 Instructions:
>                    This github pull request will be closed automatically; 
> patch should be
>                    reviewed on the haproxy mailing list (haproxy@formilux.org 
> <mailto:haproxy@formilux.org>). Everyone is
>                    invited to comment, even the patch's author. Please keep 
> the author and
>                    list CCed in replies. Please note that in absence of any 
> response this
>                    pull request will be lost.
>