Re: [PATCH v2 0/2] Certificate Generation Enhancements
Oh, yes, missed the mail from William. Will go over the comments shortly. Thanks On Sat, Jul 11, 2020 at 1:54 PM Tim Düsterhus wrote: > Shimi, > > Am 11.07.20 um 09:28 schrieb Gersner: > > Gentle ping on this. Can I assist with providing more information? > > William responded on the v1 of your patch. I assume he didn't see that > there was a v2, because it's a separate email thread. I put him in Cc. > > https://www.mail-archive.com/haproxy@formilux.org/msg37884.html > https://www.mail-archive.com/haproxy@formilux.org/msg37885.html > > Best regards > Tim Düsterhus >
Re: [PATCH v2 0/2] Certificate Generation Enhancements
Shimi, Am 11.07.20 um 09:28 schrieb Gersner: > Gentle ping on this. Can I assist with providing more information? William responded on the v1 of your patch. I assume he didn't see that there was a v2, because it's a separate email thread. I put him in Cc. https://www.mail-archive.com/haproxy@formilux.org/msg37884.html https://www.mail-archive.com/haproxy@formilux.org/msg37885.html Best regards Tim Düsterhus
Re: [PATCH v2 0/2] Certificate Generation Enhancements
Hi Iliya, Team, Gentle ping on this. Can I assist with providing more information? Shimi. On Mon, Jul 6, 2020 at 4:29 PM Gersner wrote: > The current implementation fallbacks to the default context certificate if > I recall correctly. No certificate will be generated in that case. > > On Mon, Jul 6, 2020 at 3:01 PM Илья Шипицин wrote: > >> Hello, Gersner. >> >> smal question. what will happen if client does not provide SNI (and we >> are supposed to create certificate)? >> >> пн, 6 июл. 2020 г. в 05:12, : >> >>> From: Shimi Gersner >>> >>> Hi Team, Ilya, >>> >>> Following the conversation yesterday I have added a fix and manually >>> tested the following openssl variants >>> - openssl-{1.0.1e,1.0.2u,1.1.1g} >>> - libressl-{2.9.2,3.1.1} >>> >>> Additionally I have re-ran travis/cirrus >>> - https://travis-ci.com/github/gersner/haproxy/builds/174353855 >>> - https://cirrus-ci.com/build/5482853758664704 >>> >>> >>> PR Reference >>> https://github.com/Azure/haproxy/tree/wip/sgersner/ca-sign-extra >>> >>> Thanks, >>> Shimi. >>> >>> >>> Shimi Gersner (2): >>> MEDIUM: ssl: Support certificate chaining for certificate generation >>> SMALL: ssl: Support SAN extension for certificate generation >>> >>> doc/configuration.txt| 16 >>> include/haproxy/listener-t.h | 5 +- >>> src/cfgparse-ssl.c | 29 +++ >>> src/ssl_sock.c | 153 +-- >>> 4 files changed, 158 insertions(+), 45 deletions(-) >>> >>> -- >>> 2.27.0 >>> >>>
Re: [PATCH v2 0/2] Certificate Generation Enhancements
The current implementation fallbacks to the default context certificate if I recall correctly. No certificate will be generated in that case. On Mon, Jul 6, 2020 at 3:01 PM Илья Шипицин wrote: > Hello, Gersner. > > smal question. what will happen if client does not provide SNI (and we are > supposed to create certificate)? > > пн, 6 июл. 2020 г. в 05:12, : > >> From: Shimi Gersner >> >> Hi Team, Ilya, >> >> Following the conversation yesterday I have added a fix and manually >> tested the following openssl variants >> - openssl-{1.0.1e,1.0.2u,1.1.1g} >> - libressl-{2.9.2,3.1.1} >> >> Additionally I have re-ran travis/cirrus >> - https://travis-ci.com/github/gersner/haproxy/builds/174353855 >> - https://cirrus-ci.com/build/5482853758664704 >> >> >> PR Reference >> https://github.com/Azure/haproxy/tree/wip/sgersner/ca-sign-extra >> >> Thanks, >> Shimi. >> >> >> Shimi Gersner (2): >> MEDIUM: ssl: Support certificate chaining for certificate generation >> SMALL: ssl: Support SAN extension for certificate generation >> >> doc/configuration.txt| 16 >> include/haproxy/listener-t.h | 5 +- >> src/cfgparse-ssl.c | 29 +++ >> src/ssl_sock.c | 153 +-- >> 4 files changed, 158 insertions(+), 45 deletions(-) >> >> -- >> 2.27.0 >> >>
Re: [PATCH v2 0/2] Certificate Generation Enhancements
Hello, Gersner. smal question. what will happen if client does not provide SNI (and we are supposed to create certificate)? пн, 6 июл. 2020 г. в 05:12, : > From: Shimi Gersner > > Hi Team, Ilya, > > Following the conversation yesterday I have added a fix and manually > tested the following openssl variants > - openssl-{1.0.1e,1.0.2u,1.1.1g} > - libressl-{2.9.2,3.1.1} > > Additionally I have re-ran travis/cirrus > - https://travis-ci.com/github/gersner/haproxy/builds/174353855 > - https://cirrus-ci.com/build/5482853758664704 > > > PR Reference > https://github.com/Azure/haproxy/tree/wip/sgersner/ca-sign-extra > > Thanks, > Shimi. > > > Shimi Gersner (2): > MEDIUM: ssl: Support certificate chaining for certificate generation > SMALL: ssl: Support SAN extension for certificate generation > > doc/configuration.txt| 16 > include/haproxy/listener-t.h | 5 +- > src/cfgparse-ssl.c | 29 +++ > src/ssl_sock.c | 153 +-- > 4 files changed, 158 insertions(+), 45 deletions(-) > > -- > 2.27.0 > >
[PATCH v2 0/2] Certificate Generation Enhancements
From: Shimi Gersner Hi Team, Ilya, Following the conversation yesterday I have added a fix and manually tested the following openssl variants - openssl-{1.0.1e,1.0.2u,1.1.1g} - libressl-{2.9.2,3.1.1} Additionally I have re-ran travis/cirrus - https://travis-ci.com/github/gersner/haproxy/builds/174353855 - https://cirrus-ci.com/build/5482853758664704 PR Reference https://github.com/Azure/haproxy/tree/wip/sgersner/ca-sign-extra Thanks, Shimi. Shimi Gersner (2): MEDIUM: ssl: Support certificate chaining for certificate generation SMALL: ssl: Support SAN extension for certificate generation doc/configuration.txt| 16 include/haproxy/listener-t.h | 5 +- src/cfgparse-ssl.c | 29 +++ src/ssl_sock.c | 153 +-- 4 files changed, 158 insertions(+), 45 deletions(-) -- 2.27.0