Re: [PATCH v2 0/2] Certificate Generation Enhancements

2020-07-11 Thread Gersner
Oh, yes, missed the mail from William.

Will go over the comments shortly. Thanks

On Sat, Jul 11, 2020 at 1:54 PM Tim Düsterhus  wrote:

> Shimi,
>
> Am 11.07.20 um 09:28 schrieb Gersner:
> > Gentle ping on this. Can I assist with providing more information?
>
> William responded on the v1 of your patch. I assume he didn't see that
> there was a v2, because it's a separate email thread. I put him in Cc.
>
> https://www.mail-archive.com/haproxy@formilux.org/msg37884.html
> https://www.mail-archive.com/haproxy@formilux.org/msg37885.html
>
> Best regards
> Tim Düsterhus
>


Re: [PATCH v2 0/2] Certificate Generation Enhancements

2020-07-11 Thread Tim Düsterhus
Shimi,

Am 11.07.20 um 09:28 schrieb Gersner:
> Gentle ping on this. Can I assist with providing more information?

William responded on the v1 of your patch. I assume he didn't see that
there was a v2, because it's a separate email thread. I put him in Cc.

https://www.mail-archive.com/haproxy@formilux.org/msg37884.html
https://www.mail-archive.com/haproxy@formilux.org/msg37885.html

Best regards
Tim Düsterhus



Re: [PATCH v2 0/2] Certificate Generation Enhancements

2020-07-11 Thread Gersner
Hi Iliya, Team,

Gentle ping on this. Can I assist with providing more information?

Shimi.

On Mon, Jul 6, 2020 at 4:29 PM Gersner  wrote:

> The current implementation fallbacks to the default context certificate if
> I recall correctly. No certificate will be generated in that case.
>
> On Mon, Jul 6, 2020 at 3:01 PM Илья Шипицин  wrote:
>
>> Hello, Gersner.
>>
>> smal question. what will happen if client does not provide SNI (and we
>> are supposed to create certificate)?
>>
>> пн, 6 июл. 2020 г. в 05:12, :
>>
>>> From: Shimi Gersner 
>>>
>>> Hi Team, Ilya,
>>>
>>> Following the conversation yesterday I have added a fix and manually
>>> tested the following openssl variants
>>>   - openssl-{1.0.1e,1.0.2u,1.1.1g}
>>>   - libressl-{2.9.2,3.1.1}
>>>
>>> Additionally I have re-ran travis/cirrus
>>>   - https://travis-ci.com/github/gersner/haproxy/builds/174353855
>>>   - https://cirrus-ci.com/build/5482853758664704
>>>
>>>
>>> PR Reference
>>> https://github.com/Azure/haproxy/tree/wip/sgersner/ca-sign-extra
>>>
>>> Thanks,
>>> Shimi.
>>>
>>>
>>> Shimi Gersner (2):
>>>   MEDIUM: ssl: Support certificate chaining for certificate generation
>>>   SMALL: ssl: Support SAN extension for certificate generation
>>>
>>>  doc/configuration.txt|  16 
>>>  include/haproxy/listener-t.h |   5 +-
>>>  src/cfgparse-ssl.c   |  29 +++
>>>  src/ssl_sock.c   | 153 +--
>>>  4 files changed, 158 insertions(+), 45 deletions(-)
>>>
>>> --
>>> 2.27.0
>>>
>>>


Re: [PATCH v2 0/2] Certificate Generation Enhancements

2020-07-06 Thread Gersner
The current implementation fallbacks to the default context certificate if
I recall correctly. No certificate will be generated in that case.

On Mon, Jul 6, 2020 at 3:01 PM Илья Шипицин  wrote:

> Hello, Gersner.
>
> smal question. what will happen if client does not provide SNI (and we are
> supposed to create certificate)?
>
> пн, 6 июл. 2020 г. в 05:12, :
>
>> From: Shimi Gersner 
>>
>> Hi Team, Ilya,
>>
>> Following the conversation yesterday I have added a fix and manually
>> tested the following openssl variants
>>   - openssl-{1.0.1e,1.0.2u,1.1.1g}
>>   - libressl-{2.9.2,3.1.1}
>>
>> Additionally I have re-ran travis/cirrus
>>   - https://travis-ci.com/github/gersner/haproxy/builds/174353855
>>   - https://cirrus-ci.com/build/5482853758664704
>>
>>
>> PR Reference
>> https://github.com/Azure/haproxy/tree/wip/sgersner/ca-sign-extra
>>
>> Thanks,
>> Shimi.
>>
>>
>> Shimi Gersner (2):
>>   MEDIUM: ssl: Support certificate chaining for certificate generation
>>   SMALL: ssl: Support SAN extension for certificate generation
>>
>>  doc/configuration.txt|  16 
>>  include/haproxy/listener-t.h |   5 +-
>>  src/cfgparse-ssl.c   |  29 +++
>>  src/ssl_sock.c   | 153 +--
>>  4 files changed, 158 insertions(+), 45 deletions(-)
>>
>> --
>> 2.27.0
>>
>>


Re: [PATCH v2 0/2] Certificate Generation Enhancements

2020-07-06 Thread Илья Шипицин
Hello, Gersner.

smal question. what will happen if client does not provide SNI (and we are
supposed to create certificate)?

пн, 6 июл. 2020 г. в 05:12, :

> From: Shimi Gersner 
>
> Hi Team, Ilya,
>
> Following the conversation yesterday I have added a fix and manually
> tested the following openssl variants
>   - openssl-{1.0.1e,1.0.2u,1.1.1g}
>   - libressl-{2.9.2,3.1.1}
>
> Additionally I have re-ran travis/cirrus
>   - https://travis-ci.com/github/gersner/haproxy/builds/174353855
>   - https://cirrus-ci.com/build/5482853758664704
>
>
> PR Reference
> https://github.com/Azure/haproxy/tree/wip/sgersner/ca-sign-extra
>
> Thanks,
> Shimi.
>
>
> Shimi Gersner (2):
>   MEDIUM: ssl: Support certificate chaining for certificate generation
>   SMALL: ssl: Support SAN extension for certificate generation
>
>  doc/configuration.txt|  16 
>  include/haproxy/listener-t.h |   5 +-
>  src/cfgparse-ssl.c   |  29 +++
>  src/ssl_sock.c   | 153 +--
>  4 files changed, 158 insertions(+), 45 deletions(-)
>
> --
> 2.27.0
>
>