The current implementation fallbacks to the default context certificate if I recall correctly. No certificate will be generated in that case.
On Mon, Jul 6, 2020 at 3:01 PM Илья Шипицин <[email protected]> wrote: > Hello, Gersner. > > smal question. what will happen if client does not provide SNI (and we are > supposed to create certificate)? > > пн, 6 июл. 2020 г. в 05:12, <[email protected]>: > >> From: Shimi Gersner <[email protected]> >> >> Hi Team, Ilya, >> >> Following the conversation yesterday I have added a fix and manually >> tested the following openssl variants >> - openssl-{1.0.1e,1.0.2u,1.1.1g} >> - libressl-{2.9.2,3.1.1} >> >> Additionally I have re-ran travis/cirrus >> - https://travis-ci.com/github/gersner/haproxy/builds/174353855 >> - https://cirrus-ci.com/build/5482853758664704 >> >> >> PR Reference >> https://github.com/Azure/haproxy/tree/wip/sgersner/ca-sign-extra >> >> Thanks, >> Shimi. >> >> >> Shimi Gersner (2): >> MEDIUM: ssl: Support certificate chaining for certificate generation >> SMALL: ssl: Support SAN extension for certificate generation >> >> doc/configuration.txt | 16 ++++ >> include/haproxy/listener-t.h | 5 +- >> src/cfgparse-ssl.c | 29 +++++++ >> src/ssl_sock.c | 153 +++++++++++++++++++++++++---------- >> 4 files changed, 158 insertions(+), 45 deletions(-) >> >> -- >> 2.27.0 >> >>
