Willy,
Am 23.12.18 um 21:20 schrieb Moemen MHEDHBI:
> Hi,
>
> The attached patch adds the ssl_sni_check converter which returns true
> if the sample input string matches a loaded certificate's CN/SAN.
>
> This can be useful to check for example if a host header matches a
> loaded certificate CN/SAN before doing a redirect:
>
> frontent fe_main
> bind 127.0.0.1:80
> bind 127.0.0.1:443 ssl crt /etc/haproxy/ssl/
> http-request redirect scheme https if !{ ssl_fc } {
> hdr(host),ssl_sni_check() }
>
>
> This converter may be even more useful when certificates will be
> added/removed at runtime.
>
This email serves to bump the patch which appears to have slipped
through the cracks. For the context see the "Re: Host header and sni
extension differ" thread.
Best regards
Tim Düsterhus
