Hi,
- patch series rebased from master
- update OpenSSL 1.1.1 API calls with the new early callback name
Hi Emeric, Christopher
If you can review when you have time. (3) for Christopher.
These patches add support for native multicert selection (RSA/ECDSA) and ssl-min-ver/ssl-max-ver per certificate with OpenSSL 1.1.1 (BoringSSL is the only one to support this until this patch).
patches:
1) Convert BoringSSL API calls (CBS) to ssl-lib independent code. This is the biggest part and only depends on the BoringSSL build (until 2).
2) Support the OpenSSL 1.1.1 early callback API. It mimics the BoringSSL API, and this is good news (small patch). Do we want to push code for OpenSSL 1.1.1 (dev) in haproxy (dev) now?
3) Add generated certificate for early switch-ctx. Historically this part has been skipped (not supported for BoringSSL). There is now a ssl_sock_generate_certificate_from_conn func, but I don't understand how this takes a real/generated cert. Christopher, can you take a look?
Manu
0001-MEDIUM-ssl-convert-CBS-BoringSSL-api-usage-to-neutra.patch
0002-MINOR-ssl-support-Openssl-1.1.1-early-callback-for-s.patch
0003-MINOR-ssl-generated-certificate-is-missing-in-switch.patch
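Added example, not part of the original message or of the attached patches: a library-neutral parse of a ClientHello extension body with plain byte arithmetic instead of BoringSSL's CBS helpers, used to choose between an RSA and an ECDSA certificate. It assumes the choice is driven by the signature_algorithms extension, which the message does not state; sigalgs_offered, pick_cert and the sample bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { SIG_RSA = 1, SIG_ECDSA = 2 };
enum cert_kind { CERT_NONE, CERT_RSA, CERT_ECDSA };

/* ext/len: body of a signature_algorithms extension (uint16 list length, then
 * 2-byte entries). Returns a SIG_* bitmask, or -1 if absent or malformed. */
int sigalgs_offered(const uint8_t *ext, size_t len)
{
    int mask = 0;

    if (ext == NULL || len < 4 || (len & 1))
        return -1;
    if ((((size_t)ext[0] << 8) | ext[1]) != len - 2)
        return -1;                 /* inner length must match exactly */
    for (size_t i = 2; i < len; i += 2) {
        uint8_t hi = ext[i], lo = ext[i + 1];
        if (hi == 0x08 && lo >= 0x04 && lo <= 0x06)
            mask |= SIG_RSA;       /* rsa_pss_rsae_sha256/384/512 */
        else if (hi >= 0x01 && hi <= 0x06 && lo == 0x01)
            mask |= SIG_RSA;       /* {hash, rsa} pair */
        else if (hi >= 0x01 && hi <= 0x06 && lo == 0x03)
            mask |= SIG_ECDSA;     /* {hash, ecdsa} pair */
    }
    return mask;
}

/* Hypothetical policy: prefer ECDSA when offered and available; a mask of -1
 * (no usable extension) falls back to RSA; otherwise no certificate fits. */
enum cert_kind pick_cert(int mask, int have_rsa, int have_ecdsa)
{
    if (mask > 0 && (mask & SIG_ECDSA) && have_ecdsa)
        return CERT_ECDSA;
    if (have_rsa && (mask < 0 || (mask & SIG_RSA)))
        return CERT_RSA;
    return CERT_NONE;
}

/* Constructed sample extension bodies (not captured traffic). */
static const uint8_t sample_both[] = {0,8, 4,3, 8,4, 4,1, 0x0a,0x0a};
static const uint8_t sample_rsa[]  = {0,4, 4,1, 5,1};
static const uint8_t sample_bad[]  = {0,6, 4,3, 4,1}; /* length field lies */

int main(void)
{
    printf("both=%d rsa=%d bad=%d\n", sigalgs_offered(sample_both, sizeof sample_both),
           sigalgs_offered(sample_rsa, sizeof sample_rsa), sigalgs_offered(sample_bad, sizeof sample_bad));
    return 0;
}
```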