Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-11 Thread Gersner
On Fri, Jul 10, 2020 at 3:51 PM William Lallemand wrote: > Hello, > > > On Sun, Jul 05, 2020 at 09:43:22AM +0300, gers...@gmail.com wrote: > > From: Shimi Gersner > > > > haproxy supports generating SSL certificates based on SNI using a > provided > > CA signing certificate. Because CA

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-10 Thread William Lallemand
Hello, On Sun, Jul 05, 2020 at 09:43:22AM +0300, gers...@gmail.com wrote: > From: Shimi Gersner > > haproxy supports generating SSL certificates based on SNI using a provided > CA signing certificate. Because CA certificates may be signed by multiple > CAs, in some scenarios, it is necessary

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-06 Thread Gersner
On Mon, Jul 6, 2020 at 4:37 PM Aleksandar Lazic wrote: > Should a blank be after '%s'? > > + memprintf(err, "%sthis version of openssl cannot attach > certificate chain for SSL certificate generation.\n", > + err && *err ? *err : ""); > > Looked around in the file and that

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-06 Thread Aleksandar Lazic
Should a blank be after '%s'? + memprintf(err, "%sthis version of openssl cannot attach certificate chain for SSL certificate generation.\n", + err && *err ? *err : ""); On 05.07.20 14:09, Gersner wrote: That's my fault. I was aware of the versioning but forgot to wrap

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Gersner
That's my fault. I was aware of the versioning but forgot to wrap it in an ifdef there. The configuration prevents setting those settings on unsupported versions. On Sun, Jul 5, 2020 at 2:57 PM Илья Шипицин wrote: > https://cirrus-ci.com/task/6191727960653824 > > It seems openssl-1.0.0 (used in

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Илья Шипицин
https://cirrus-ci.com/task/6191727960653824 It seems openssl-1.0.0 (used in CentOS6/RHEL6) does not support those methods. haproxy claims to support openssl starting from 0.9.8; I guess openssl-0.9.8 is rarely tested. Sun, Jul 5, 2020 at 16:48, Gersner : > Awesome. I will run the manual tests on the

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Gersner
Awesome. I will run the manual tests on the variants later today. Thanks. On Sun, Jul 5, 2020 at 2:45 PM Илья Шипицин wrote: > if you have tested your code (I'm sure you did), maybe manual testing will > be simple enough > you just need to rebuild haproxy against LibreSSL, BoringSSL, older

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Илья Шипицин
If you have tested your code (I'm sure you did), maybe manual testing will be simple enough: you just need to rebuild haproxy against LibreSSL, BoringSSL, older openssl. Examples of how to build the ssl lib and build haproxy against it might be taken from .travis.yml (I was about to write an article, but

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Илья Шипицин
There are regression tests written using vtest from varnish: https://github.com/haproxy/haproxy/tree/master/reg-tests All important parts of haproxy are supposed to be covered with reg-tests (test coverage is getting better and better, but not yet complete). Sun, Jul 5, 2020 at 16:16, Gersner :

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Gersner
Oh, wasn't aware of that. Is there some automation to test this or should I manually verify this? On Sun, Jul 5, 2020 at 2:13 PM Илья Шипицин wrote: > I recall some issues with LibreSSL and chaining trust. Like it was > declared but never worked. > we'll see that in runtime if there are such

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Илья Шипицин
I recall some issues with LibreSSL and chaining trust. Like it was declared but never worked. We'll see at runtime if there are such issues. Sun, Jul 5, 2020 at 16:06, Илья Шипицин : > Nice, all ssl variants build well: > https://travis-ci.com/github/chipitsine/haproxy/builds/174323866 > >

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Илья Шипицин
Nice, all ssl variants build well: https://travis-ci.com/github/chipitsine/haproxy/builds/174323866 Sun, Jul 5, 2020 at 15:48, Gersner : > > > On Sun, Jul 5, 2020 at 1:42 PM Илья Шипицин wrote: > >> Do you have your patches on a github fork? >> (I could not find your fork) >> > Yes. See branch >

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Gersner
On Sun, Jul 5, 2020 at 1:42 PM Илья Шипицин wrote: > Do you have your patches on a github fork? > (I could not find your fork) > Yes. See branch https://github.com/Azure/haproxy/tree/wip/sgersner/ca-sign-extra > > Sun, Jul 5, 2020 at 15:13, Gersner : > >> >> >> On Sun, Jul 5, 2020 at 12:28 PM

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Илья Шипицин
Do you have your patches on a github fork? (I could not find your fork) Sun, Jul 5, 2020 at 15:13, Gersner : > > > On Sun, Jul 5, 2020 at 12:28 PM Илья Шипицин wrote: > >> Does it clearly apply to current master? Either gmail scrambled the patch >> or it is not. >> Can you try please? >> >

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Gersner
On Sun, Jul 5, 2020 at 12:28 PM Илья Шипицин wrote: > Does it clearly apply to current master? Either gmail scrambled the patch > or it is not. > Can you try please? > Exporting the eml and running 'git am', it works cleanly. I've reproduced the exact same output when copy-pasting from gmail. It

Re: [PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread Илья Шипицин
Does it clearly apply to current master? Either gmail scrambled the patch or it is not. Can you try please? $ patch -p1 < 1.patch patching file doc/configuration.txt patching file include/haproxy/listener-t.h Hunk #1 FAILED at 163. 1 out of 1 hunk FAILED -- saving rejects to file

[PATCH 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-07-05 Thread gersner
From: Shimi Gersner haproxy supports generating SSL certificates based on SNI using a provided CA signing certificate. Because CA certificates may be signed by multiple CAs, in some scenarios, it is necessary for the server to attach the trust chain in addition to the generated certificate. The
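The commit message above describes the situation the patch addresses: the signing CA handed to haproxy is itself an intermediate, so a client that only trusts the root cannot validate the generated leaf unless the intermediate is sent along with it. The shell script below is an added example, not haproxy's code and not part of the patch. It builds a root -> intermediate -> per-SNI leaf hierarchy with the openssl command-line tool and then checks the leaf the way a root-only client would, once without and once with the intermediate. It assumes the openssl CLI (1.1.0 or newer, for -verify_hostname) is on PATH; the CA names and the SNI www.example.test are constructed for the demo.

```shell
#!/bin/sh
# Added example (not haproxy code): why a per-SNI certificate signed by an
# intermediate CA must be served together with its chain.
# Assumptions: openssl CLI on PATH; CA names and the SNI are made up for the demo.

# write_cfg CFG SNI: minimal openssl config with the extension sections we need.
write_cfg() {
    cat >"$1" <<EOF
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
}

# make_pki DIR SNI: root CA -> intermediate CA -> leaf for SNI, all in DIR.
make_pki() {
    d=$1; sni=$2
    write_cfg "$d/ext.cnf" "$sni"
    # Root CA (self-signed). Only this certificate goes into the client trust store.
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/root.key"
    openssl req -x509 -new -key "$d/root.key" -subj "/CN=Demo Root CA" -days 1 \
        -config "$d/ext.cnf" -extensions v3_ca -out "$d/root.pem" 2>/dev/null
    # Intermediate CA signed by the root: plays the role of the signing CA
    # haproxy is given for on-the-fly generation.
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/inter.key"
    openssl req -new -key "$d/inter.key" -subj "/CN=Demo Intermediate CA" \
        -config "$d/ext.cnf" -out "$d/inter.csr" 2>/dev/null
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -sha256 -extfile "$d/ext.cnf" -extensions v3_ca \
        -out "$d/inter.pem" 2>/dev/null
    # Leaf generated for the SNI name and signed by the intermediate.
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/leaf.key"
    openssl req -new -key "$d/leaf.key" -subj "/CN=$sni" \
        -config "$d/ext.cnf" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -CAcreateserial -days 1 -sha256 -extfile "$d/ext.cnf" -extensions v3_leaf \
        -out "$d/leaf.pem" 2>/dev/null
}

# verify_leaf DIR [extra verify options]: prints "ok" or "fail" for a client
# whose trust store contains only the root.
verify_leaf() {
    d=$1; shift
    if openssl verify -CAfile "$d/root.pem" "$@" "$d/leaf.pem" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

# Server sends the leaf alone: the client has no path from leaf to root.
verify_without_chain() { verify_leaf "$1"; }
# Server also sends the intermediate (what the chain support provides);
# -untrusted models certificates received in the handshake, not trusted a priori.
verify_with_chain() { verify_leaf "$1" -untrusted "$1/inter.pem"; }
# Same, plus a check that the SAN matches the name the client asked for.
verify_hostname() { verify_leaf "$1" -untrusted "$1/inter.pem" -verify_hostname "$2"; }

demo() {
    dir=$(mktemp -d)
    make_pki "$dir" "www.example.test"
    echo "leaf only:       $(verify_without_chain "$dir")"   # fail
    echo "leaf + chain:    $(verify_with_chain "$dir")"      # ok
    echo "hostname check:  $(verify_hostname "$dir" www.example.test)"  # ok
    rm -rf "$dir"
}
demo
```

The first check fails with "unable to get local issuer certificate", which is exactly what a browser or curl reports against a server that generated a leaf from an intermediate signing CA but sent no chain; the -untrusted run is the equivalent of haproxy appending the intermediate to the generated certificate.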