- update to 1.6.1
  - DOC: specify that stats socket doc (section 9.2) is in management
  - BUILD: install only relevant and existing documentation
  - CLEANUP: don't ignore debian/ directory if present
  - BUG/MINOR: dns: parsing error of some DNS response
  - BUG/MEDIUM: namespaces: don't fail if no namespace is used
  - BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is disabled
  - MEDIUM: dns: Don't use the ANY query type
- drop haproxy-1.6.0-ssl.crash.patch included in update

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=121
parent
4ee640c9c5
commit
a0ac0e2dfc
@ -1,53 +0,0 @@
|
||||
diff --git a/include/types/connection.h b/include/types/connection.h
|
||||
index dfbff6a..070d779 100644
|
||||
--- a/include/types/connection.h
|
||||
+++ b/include/types/connection.h
|
||||
@@ -122,7 +122,10 @@ enum {
|
||||
/* This connection may not be shared between clients */
|
||||
CO_FL_PRIVATE = 0x10000000,
|
||||
|
||||
- /* unused : 0x20000000, 0x40000000 */
|
||||
+ /* A dynamically generated SSL certificate was used for this connection */
|
||||
+ CO_FL_DYN_SSL_CTX = 0x20000000,
|
||||
+
|
||||
+ /* unused : 0x40000000 */
|
||||
|
||||
/* This last flag indicates that the transport layer is used (for instance
|
||||
* by logs) and must not be cleared yet. The last call to conn_xprt_close()
|
||||
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
|
||||
index 5319532..2829af8 100644
|
||||
--- a/src/ssl_sock.c
|
||||
+++ b/src/ssl_sock.c
|
||||
@@ -1232,6 +1232,7 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, struct bind_conf *s)
|
||||
ctx = ssl_sock_get_generated_cert(serial, s);
|
||||
if (ctx) {
|
||||
/* switch ctx */
|
||||
+ conn->flags |= CO_FL_DYN_SSL_CTX;
|
||||
SSL_set_SSL_CTX(ssl, ctx);
|
||||
return SSL_TLSEXT_ERR_OK;
|
||||
}
|
||||
@@ -1271,6 +1272,9 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, struct bind_conf *s)
|
||||
if (s->generate_certs &&
|
||||
(ctx = ssl_sock_generate_certificate(servername, s, ssl))) {
|
||||
/* switch ctx */
|
||||
+ struct connection *conn = (struct connection *)SSL_get_app_data(ssl);
|
||||
+
|
||||
+ conn->flags |= CO_FL_DYN_SSL_CTX;
|
||||
SSL_set_SSL_CTX(ssl, ctx);
|
||||
return SSL_TLSEXT_ERR_OK;
|
||||
}
|
||||
@@ -3124,11 +3128,11 @@ static void ssl_sock_close(struct connection *conn) {
|
||||
|
||||
if (conn->xprt_ctx) {
|
||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
- if (!ssl_ctx_lru_tree && objt_listener(conn->target)) {
|
||||
+ if ((conn->flags & CO_FL_DYN_SSL_CTX) && !ssl_ctx_lru_tree) {
|
||||
SSL_CTX *ctx = SSL_get_SSL_CTX(conn->xprt_ctx);
|
||||
- if (ctx != objt_listener(conn->target)->bind_conf->default_ctx)
|
||||
- SSL_CTX_free(ctx);
|
||||
+ SSL_CTX_free(ctx);
|
||||
}
|
||||
+ conn->flags &= ~CO_FL_DYN_SSL_CTX,
|
||||
#endif
|
||||
SSL_free(conn->xprt_ctx);
|
||||
conn->xprt_ctx = NULL;
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:e83a272b7d3638cf1d37bba58d3e75f497c1862315ee5bb7f5efc1d98d26e25b
|
||||
size 1538022
|
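--- a/haproxy-1.6.1.tar.gz
+++ b/haproxy-1.6.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:71da2abe610ed42afd6678c2e95321db5f3c416fe2803235f75fc459d8246289
+size 1538337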
@ -1,3 +1,18 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 22 10:21:00 UTC 2015 - mrueckert@suse.de
|
||||
|
||||
- update to 1.6.1
|
||||
- DOC: specify that stats socket doc (section 9.2) is in
|
||||
management
|
||||
- BUILD: install only relevant and existing documentation
|
||||
- CLEANUP: don't ignore debian/ directory if present
|
||||
- BUG/MINOR: dns: parsing error of some DNS response
|
||||
- BUG/MEDIUM: namespaces: don't fail if no namespace is used
|
||||
- BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is
|
||||
disabled
|
||||
- MEDIUM: dns: Don't use the ANY query type
|
||||
- drop haproxy-1.6.0-ssl.crash.patch included in update
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 19 16:15:57 UTC 2015 - mrueckert@suse.de
|
||||
|
||||
|
@ -41,7 +41,7 @@
|
||||
%bcond_without apparmor
|
||||
|
||||
Name: haproxy
|
||||
Version: 1.6.0
|
||||
Version: 1.6.1
|
||||
Release: 0
|
||||
#
|
||||
#
|
||||
@ -71,8 +71,7 @@ Source4: haproxy.cfg
|
||||
Patch1: haproxy-1.6.0_config_haproxy_user.patch
|
||||
Patch2: haproxy-1.6.0-makefile_lib.patch
|
||||
Patch3: haproxy-1.6.0-sec-options.patch
|
||||
Patch4: haproxy-1.6.0-ssl.crash.patch
|
||||
Patch5: haproxy-1.6.0-ssl-098.patch
|
||||
Patch4: haproxy-1.6.0-ssl-098.patch
|
||||
#
|
||||
Source99: haproxy-rpmlintrc
|
||||
#
|
||||
@ -107,7 +106,6 @@ the most work done from every CPU cycle.
|
||||
%patch2
|
||||
%patch3
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
|
||||
%build
|
||||
%{__make} \
|
||||
|
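Review bot: The `Patch1` to `Patch4` entries in the hunk at old line 71 carry no comment saying what each patch changes or whether it has been sent upstream, and judging by their names at least `sec-options` and `ssl-098` touch hardening or TLS code. After the renumbering, `Patch4` and `%patch4 -p1` refer to a different file than in the previous revision, so the spec alone no longer shows that the SSL_CTX free fix is expected to come from the 1.6.1 tarball rather than from a local patch. I would add a one-line tag above each entry, for example `# PATCH-FIX-OPENSUSE haproxy-1.6.0-ssl-098.patch -- <purpose and upstream status, to be filled in by the maintainer>`. The rendered page has lost its +/- markers, so which of the `%patch4 -p1` / `%patch5 -p1` lines survives is inferred from the renumbering, not shown.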