'sni' parameter - reasonable default/implicit setting ?

2019-07-26 Thread Jim Freeman 
For outgoing TLS connections, might haproxy be taught to use a reasonable
default/implicit value 'sni' [1] expression/behavior that would 'first do
no harm'[2], and usually be correct, in the absence of an explicit
expression ?  (Understood that haproxy depends on an SSL lib)

E.g.; req.hdr(host) if it is set, else server(-template)  (if it
is  cfg'd as name, not IP), else ssl_fc_sni for bridged HTTPS, else ... ?

If SNI [3] is used vs. an endpoint that doesn't require/utilize it, is it
always innocuous ?

Are increasing demands by service providers that clients (e.g.; haproxy vs.
an SSL endoint) send SNI inevitable?  Or is some alternative pending?

Just wondering,
...jfree

[1] http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#sni
[2] https://en.wikipedia.org/wiki/Primum_non_nocere
 https://en.wikipedia.org/wiki/Robustness_principle
[3] https://en.wikipedia.org/wiki/Server_Name_Indication

Re: Case Sensitive Headers

2019-07-26 Thread Luke Seelenbinder 
Hi Christopher,

That's great! Thank you. It looks exactly like what we need.

Best,
Luke

—
Luke Seelenbinder
SermonAudio.com  | Senior Software Engineer






> On Jul 25, 2019, at 09:18, Christopher Faulet  wrote:
> 
> Le 12/07/2019 à 13:26, Luke Seelenbinder a écrit :
>> Hi Christopher,
>> That definitely is ugly—but it works. Thanks! I'll look for improvements in 
>> 2.1.
> 
> Hi Luke,
> 
> FYI, a feature has been added in the 2.1 to change the case of header names. 
> Take a look on the commit 98fbe953:
> 
>  http://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=98fbe953
> 
> Now, you may decide to change the case of specific header names using global 
> directives "h1-case-adjust" or "h1-case-adjust-file". It can be enabled in 
> both directions, client or server, with 2 options, the first for the 
> frontends ("option h1-case-adjust-bogus-client") and the other one for the 
> backends ("option h1-case-adjust-bogus-server").
> 
> Best,
> -- 
> Christopher Faulet

[PR] DOC: proxy: Fix typo in PROXY file

2019-07-26 Thread PR Bot 
Dear list!

Author: Alex Gusev 
Number of patches: 1

This is an automated relay of the Github pull request:
   DOC: proxy: Fix typo in PROXY file

Patch title(s): 
   DOC: proxy: Fix typo in PROXY file

Link:
   https://github.com/haproxy/haproxy/pull/191

Edit locally:
   wget https://github.com/haproxy/haproxy/pull/191.patch && vi 191.patch

Apply locally:
   curl https://github.com/haproxy/haproxy/pull/191.patch | git am -

Description:


Instructions:
   This github pull request will be closed automatically; patch should be
   reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is
   invited to comment, even the patch's author. Please keep the author and
   list CCed in replies. Please note that in absence of any response this
   pull request will be lost.