Re: [PATCH] BUG/MINOR: ssl: fix curve setup with LibreSSL

2019-11-24 Thread Willy Tarreau
On Sun, Nov 24, 2019 at 06:20:40PM +0100, Lukas Tribus wrote: > Since commit 9a1ab08 ("CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER > instead of OPENSSL_VERSION_NUMBER") we restrict LibreSSL to the OpenSSL > 1.0.1 API, to avoid breaking LibreSSL every minute. We set > HA_OPENSSL_VERSION_NUMBER

[PATCH] BUG/MINOR: ssl: fix curve setup with LibreSSL

2019-11-24 Thread Lukas Tribus
Since commit 9a1ab08 ("CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER instead of OPENSSL_VERSION_NUMBER") we restrict LibreSSL to the OpenSSL 1.0.1 API, to avoid breaking LibreSSL every minute. We set HA_OPENSSL_VERSION_NUMBER to 0x1000107fL if LibreSSL is detected and only allow curves to be

Re: [PATCH] BUG/MINOR: ssl: fix curve setup with LibreSSL

2019-11-24 Thread Lukas Tribus
Hello, On Sun, Nov 24, 2019 at 6:20 PM Lukas Tribus wrote: > > Since commit 9a1ab08 ("CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER > instead of OPENSSL_VERSION_NUMBER") we restrict LibreSSL to the OpenSSL > 1.0.1 API, to avoid breaking LibreSSL every minute. We set >

Re: [PATCH] BUG/MINOR: ssl: Stop passing dynamic strings as format arguments

2019-11-24 Thread William Lallemand
On Sat, Nov 23, 2019 at 11:52:30PM +0100, Tim Duesterhus wrote: > gcc complains rightfully: > > src/ssl_sock.c: In function ‘ssl_sock_prepare_all_ctx’: > src/ssl_sock.c:5507:3: warning: format not a string literal and no format > arguments [-Wformat-security] >ha_warning(errmsg); >^ >

Why separate git repository for different versions?

2019-11-24 Thread flamesea12
Just wondering why not single git repository and use branches for different versions? Instead: haproxy-1.8.git haproxy-1.9.git haproxy-2.0.git use git://git.haproxy.com/haproxy.git and develop branch for current development and v2.0/v1.9 branches...

[PATCH v2] CLEANUP: ssl: check if a transaction exists once before setting it

2019-11-24 Thread William Dauchy
trivial patch to fix issue #351 Fixes: bc6ca7ccaa72 ("MINOR: ssl/cli: rework 'set ssl cert' as 'set/commit'") Reported-by: Илья Шипицин Signed-off-by: William Dauchy --- src/ssl_sock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index

Re: [PATCH] MINOR: ssl: check transaction path before assigning it

2019-11-24 Thread William Dauchy
On Sun, Nov 24, 2019 at 12:15 AM William Lallemand wrote: > That's a remain of the previous way of doing this, which was done with an > array of 2 old_ckch, so the previous check was something like: > > > if (!old_ckchs[0] && !old_ckchs[1]) > > When a transaction is created the old_ckchs and the