mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-07 07:37:02 +02:00
Code Issues Projects Releases Wiki Activity
292dfdd78d
haproxy/include
History
Frédéric Lécaille 292dfdd78d BUG/MINOR: quic: Wrong cluster secret initialization 
The function generate_random_cluster_secret() which initializes the cluster secret
when not supplied by configuration is buggy. There 1/256 that the cluster secret
string is empty.

To fix this, one stores the cluster as a reduced size first 128 bits of its own
SHA1 (160 bits) digest, if defined by configuration. If this is not the case, it
is initialized with a 128 bits random value. Furthermore, thus the cluster secret
is always initialized.

As the cluster secret is always initialized, there are several tests which
are for now on useless. This patch removes such tests (if(global.cluster_secret))
in the QUIC code part and at parsing time: no need to check that a cluster
secret was initialized with "quic-force-retry" option.

Must be backported as far as 2.6.
2023-09-08 09:50:58 +02:00
..
haproxy BUG/MINOR: quic: Wrong cluster secret initialization 2023-09-08 09:50:58 +02:00
import BUILD: import: guard plock.h against multiple inclusion 2023-08-26 17:28:08 +02:00
make BUILD: makefile: fix build issue on GNU make < 3.82 2023-05-24 15:51:03 +02:00