Faulet
From f8d90c49944a64b153091a6f524dd22db26b8c80 Mon Sep 17 00:00:00 2001
From: Christopher Faulet
Date: Thu, 8 Jun 2017 22:18:52 +0200
Subject: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist
for openssl < 1.1.0
For openssl 1.0.2, SSLv3_server_meth
On Wed, Jun 14, 2017 at 03:11:28PM +0200, Christopher Faulet wrote:
> Hi,
>
> HAProxy compilation fails if OpenSSL 1.0.2 is compiled without the support
> of SSLv3 methods (SSL3_server_method and SSL3_client_method). The manpage
> SSL_CTX_new(3) specifies that these functions are available if
> OP
> On 14 June 2017 at 16:43, Willy Tarreau wrote:
>
> On Wed, Jun 14, 2017 at 03:11:28PM +0200, Christopher Faulet wrote:
>> Hi,
>>
>> HAProxy compilation fails if OpenSSL 1.0.2 is compiled without the support
>> of SSLv3 methods (SSL3_server_method and SSL3_client_method). The manpage
>> SSL_
> On 14 June 2017 at 18:09, Emmanuel Hocdet wrote:
>
>
>> On 14 June 2017 at 16:43, Willy Tarreau wrote:
>>
>> On Wed, Jun 14, 2017 at 03:11:28PM +0200, Christopher Faulet wrote:
>>> Hi,
>>>
>>> HAProxy compilation fails if OpenSSL 1.0.2 is compiled without the support
>>> of SSLv3 metho
Hi Manu,
On Thu, Jun 15, 2017 at 02:17:01PM +0200, Emmanuel Hocdet wrote:
> The mistake is from commit 5db33cbd "MEDIUM: ssl: ssl_methods implementation
> is reworked and factored for min/max tlsxx". I lost the correct #define when I
> reworked my initial patches. This patch will fix that (f
> On 15 June 2017 at 14:37, Willy Tarreau wrote:
>
> Hi Manu,
>
> On Thu, Jun 15, 2017 at 02:17:01PM +0200, Emmanuel Hocdet wrote:
>> The mistake is from commit 5db33cbd "MEDIUM: ssl: ssl_methods implementation
>> is reworked and factored for min/max tlsxx". I lost the correct #define wh
> On 15 June 2017 at 16:18, Emmanuel Hocdet wrote:
>
>
>> On 15 June 2017 at 14:37, Willy Tarreau <w...@1wt.eu> wrote:
>>
>> Hi Manu,
>>
>> On Thu, Jun 15, 2017 at 02:17:01PM +0200, Emmanuel Hocdet wrote:
>>> The mistake is from commit 5db33cbd "MEDIUM: ssl: ssl_methods
>>> im
Hi Willy,
I would like you to consider these patches because Christopher’s patch is false and
doesn’t support other ssl libs and openssl >= 1.1.0.
I sent my original patch with more comments and another with a little cleanup:
++
Manu
0001-BUG-MINOR-ssl-remove-haproxy-SSLv3-support-when-ssl-.pat
Hi Manu!
Please don't forget to CC Emeric and keep in mind that I still don't
understand anything about openssl, so for me it's always a huge pain
each time to try to have an opinion on openssl related changes.
On Wed, Jul 12, 2017 at 02:54:16PM +0200, Emmanuel Hocdet wrote:
>
> Hi Willy,
>
> I
Hi Manu,
On 07/12/2017 03:23 PM, Willy Tarreau wrote:
> Hi Manu!
>
> Please don't forget to CC Emeric and keep in mind that I still don't
> understand anything about openssl, so for me it's always a huge pain
> each time to try to have an opinion on openssl related changes.
>
> On Wed, Jul 12, 2
> On 12 July 2017 at 15:23, Willy Tarreau wrote:
>
> Hi Manu!
>
> Please don't forget to CC Emeric and keep in mind that I still don't
> understand anything about openssl, so for me it's always a huge pain
> each time to try to have an opinion on openssl related changes.
>
oops indeed
> O
On Wed, Jul 12, 2017 at 03:54:28PM +0200, Emmanuel Hocdet wrote:
> Yes I'm confident because I worked a lot to abstract tls version/api support
> with older/newer openssl versions. It's what I do with haproxy's methodVersions
> table for ssl-min/max-ver support.
> What I'm missing is OPENSSL_
Hi guys,
On Wed, Jul 12, 2017 at 03:36:24PM +0200, Emeric Brun wrote:
> Same worries, the openssl 0.9.8 is still maintained in redhat 5 so we should
> be able to compile with this version.
OK so I checked and this patch is OK with 0.9.8zh, 1.0.0t, 1.0.1u and 1.0.2k,
so I merged it.
However Manu,
> On 19 July 2017 at 14:54, Willy Tarreau wrote:
>
> Hi guys,
>
> On Wed, Jul 12, 2017 at 03:36:24PM +0200, Emeric Brun wrote:
>> Same worries, the openssl 0.9.8 is still maintained in redhat 5 so we should
>> be able to compile with this version.
>
> OK so I checked and this patch is OK wi
On 19 July 2017 at 15:37, Emmanuel Hocdet wrote:
> On 19 July 2017 at 14:54, Willy Tarreau wrote:
>> Hi guys,
>>
>> On Wed, Jul 12, 2017 at 03:36:24PM +0200, Emeric Brun wrote:
>>> Same worries, the openssl 0.9.8 is still maintained in redhat 5 so we should
>>> be able to compile with
On Wed, Jul 19, 2017 at 04:15:49PM +0200, Emmanuel Hocdet wrote:
> >>
> >> src/ssl_sock.c: In function 'ssl_sock_load_cert_chain_file':
> >> src/ssl_sock.c:3038:20: error: 'TLSEXT_signature_anonymous' undeclared
> >> (first use in this function)
> >> src/ssl_sock.c:3038:20: note: each undeclared