haproxy/src
William Lallemand ed9b8fec49 BUG/MEDIUM: ssl: AWS-LC + TLSv1.3 won't do ECDSA in RSA+ECDSA configuration
SSL_get_ciphers() in AWS-LC seems to lack the TLSv1.3 ciphersuites,
which breaks the ECDSA key selection when doing TLSv1.3.

An issue was opened: https://github.com/aws/aws-lc/issues/1638

Indeed, in ssl_sock_switchctx_cbk(), the sigalgs is used to determine if
ECDSA is doable or not, then the function compares the list of ciphers in
the clienthello with the list of configured ciphers.

The fix solves the issue by never skipping the TLSv1.3 ciphersuites,
even if they are not in SSL_get_ciphers().
2024-06-17 17:40:49 +02:00
acl.c BUG/MINOR: acl: support built-in ACLs with acl() sample 2024-05-06 18:42:54 +02:00
action.c MINOR: support for http-request set-timeout client 2023-09-28 08:49:22 +02:00
activity.c BUG/MINOR: activity: fix Delta_calls and Delta_bytes count 2024-05-28 19:25:08 +02:00
applet.c BUG/MEDIUM: mux-quic: Don't unblock zero-copy fwding if blocked during nego 2024-06-05 07:28:10 +02:00
arg.c
auth.c
backend.c MEDIUM: connection: use pool-conn-name instead of sni on reuse 2024-05-24 14:47:21 +02:00
base64.c
cache.c MINOR: applet: set the blocking flag in the buffer allocation function 2024-05-10 17:18:13 +02:00
calltrace.c
cbuf.c
cfgcond.c
cfgdiag.c
cfgparse-global.c MINOR: log: add log-profile parsing logic 2024-06-13 15:43:09 +02:00
cfgparse-listen.c MINOR: stats: use STAT_F_* prefix for flags 2024-04-22 16:25:18 +02:00
cfgparse-quic.c MINOR: mux-quic: support glitches 2024-05-16 10:58:20 +02:00
cfgparse-ssl.c MINOR: ssl: relax the 'ssl.default-dh-param' keyword parsing 2024-06-14 11:36:52 +02:00
cfgparse-tcp.c MINOR: capabilities: add cap_sys_admin support 2024-04-30 21:40:17 +02:00
cfgparse-unix.c
cfgparse.c BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning 2024-05-31 18:30:16 +02:00
channel.c MINOR: tree-wide: Only rely on co_data() to check channel emptyness 2023-10-17 18:51:13 +02:00
check.c MEDIUM: dynbuf: generalize the use of b_dequeue() to detach buffer_wait 2024-05-10 17:18:13 +02:00
chunk.c MEDIUM: init: initialize the trash earlier 2023-09-08 16:25:19 +02:00
cli.c MINOR: log: provide sending log context to process_send_log() when available 2024-06-13 15:43:09 +02:00
clock.c BUILD: clock: improve check for pthread_getcpuclockid() 2024-05-06 08:25:17 +02:00
compression.c MINOR: dynbuf: pass a criticality argument to b_alloc() 2024-05-10 17:18:13 +02:00
connection.c BUG/MINOR: rhttp: initialize session origin after preconnect reversal 2024-05-24 14:47:21 +02:00
cpuset.c CLEANUP: Reapply xalloc_cast.cocci 2024-04-02 07:27:33 +02:00
debug.c MINOR: init: use RLIMIT_DATA instead of RLIMIT_AS 2024-04-19 17:36:40 +02:00
dgram.c MINOR: dgram: allow to set rcv/sndbuf for dgram sockets as well 2023-10-18 17:01:19 +02:00
dict.c
dns_ring.c MEDIUM: ring/applet: turn the wait_entry list to an mt_list instead 2024-03-25 17:34:19 +00:00
dns.c MEDIUM: ring/applet: turn the wait_entry list to an mt_list instead 2024-03-25 17:34:19 +00:00
dynbuf.c MEDIUM: dynbuf: implement emergency buffers 2024-05-10 17:18:13 +02:00
eb32sctree.c
eb32tree.c
eb64tree.c
ebimtree.c
ebistree.c
ebmbtree.c
ebpttree.c
ebsttree.c
ebtree.c
errors.c DEBUG: errors: add name hint for startup-logs memory area 2024-05-21 17:55:20 +02:00
ev_epoll.c DEBUG: pollers/fd: add thread id suffix to per-thread memory areas name hints 2024-05-24 12:07:18 +02:00
ev_evports.c Revert: MEDIUM: evports: permit to report multiple events at once" 2024-05-17 15:57:18 +02:00
ev_kqueue.c
ev_poll.c DEBUG: pollers/fd: add thread id suffix to per-thread memory areas name hints 2024-05-24 12:07:18 +02:00
ev_select.c DEBUG: pollers/fd: add thread id suffix to per-thread memory areas name hints 2024-05-24 12:07:18 +02:00
event_hdl.c CLEANUP: Reapply strcmp.cocci (2) 2024-04-02 07:27:33 +02:00
extcheck.c MINOR: ext-check: add an option to preserve environment variables 2023-11-23 16:53:57 +01:00
fcgi-app.c MINOR: log: provide proxy context to resolve_logger() 2024-06-13 15:43:09 +02:00
fcgi.c
fd.c BUILD: fd: errno is also needed without poll() 2024-05-27 19:14:14 +02:00
filters.c Revert "MINOR: filter: "filter" requires TCP or HTTP mode" 2023-11-18 11:16:21 +01:00
fix.c
flt_bwlim.c BUG/MINOR: bwlim/config: fix missing '\n' after error messages 2024-04-03 17:34:36 +02:00
flt_http_comp.c MINOR: dynbuf: pass a criticality argument to b_alloc() 2024-05-10 17:18:13 +02:00
flt_spoe.c MINOR: log: provide proxy context to resolve_logger() 2024-06-13 15:43:09 +02:00
flt_trace.c
freq_ctr.c BUG/MEDIUM: freq-ctr: Don't report overshoot for long inactivity period 2023-11-08 16:38:06 +01:00
frontend.c MINOR: log: provide sending log context to process_send_log() when available 2024-06-13 15:43:09 +02:00
guid.c MINOR: guid: define guid_is_valid_fmt() 2024-04-26 11:29:25 +02:00
h1_htx.c BUG/MEDIUM: h1-htx: Don't state interim responses are bodyless 2024-06-04 14:23:40 +02:00
h1.c BUG/MAJOR: h1: Be stricter on request target validation during message parsing 2024-05-15 21:20:37 +02:00
h2.c MINOR: h2: Set the BODYLESS_RESP flag on the HTX start-line if necessary 2023-10-17 18:51:13 +02:00
h3_stats.c MINOR: h3/qpack: adjust naming for errors 2024-05-16 10:31:17 +02:00
h3.c MINOR: h3: report glitch on RFC violation 2024-05-16 10:58:54 +02:00
haproxy.c MAJOR: config: prevent QUIC with clients privileged port by default 2024-05-24 14:36:31 +02:00
hash.c
hlua_fcn.c MINOR: stats: define stats-file output format support 2024-04-26 10:20:57 +02:00
hlua.c DEBUG: hlua: distinguish burst timeout errors from exec timeout errors 2024-06-14 18:25:58 +02:00
hpack-dec.c
hpack-enc.c
hpack-huff.c
hpack-tbl.c
hq_interop.c MINOR: dynbuf: pass a criticality argument to b_alloc() 2024-05-10 17:18:13 +02:00
http_acl.c
http_act.c MAJOR: log: implement proper postparsing for logformat expressions 2024-04-04 19:10:01 +02:00
http_ana.c MINOR: log: provide sending log context to process_send_log() when available 2024-06-13 15:43:09 +02:00
http_client.c MINOR: server: define pool-conn-name keyword 2024-05-24 14:36:31 +02:00
http_conv.c
http_ext.c OPTIM: http_ext: avoid useless copy in http_7239_extract_{ipv4,ipv6} 2024-03-25 16:24:15 +01:00
http_fetch.c MEDIUM: tree-wide: add logformat expressions wrapper 2024-04-04 19:10:01 +02:00
http_htx.c BUG/MINOR: http-htx: Support default path during scheme based normalization 2024-05-24 16:17:24 +02:00
http_rules.c MAJOR: log: implement proper postparsing for logformat expressions 2024-04-04 19:10:01 +02:00
http.c MEDIUM: http: add the ability to redefine http-err-codes and http-fail-codes 2024-01-11 15:10:08 +01:00
htx.c CLEANUP: assorted typo fixes in the code and comments 2023-11-23 16:23:14 +01:00
init.c
jwt.c
lb_chash.c MEDIUM: lb-chash: Deterministic node hashes based on server address 2024-04-02 07:00:10 +02:00
lb_fas.c
lb_fwlc.c
lb_fwrr.c
lb_map.c
lb_ss.c MINOR: lbprm: implement true "sticky" balance algo 2024-03-29 17:08:37 +01:00
linuxcap.c MINOR: capabilities: add cap_sys_admin support 2024-04-30 21:40:17 +02:00
listener.c MINOR: counters: move freq-ctr from proxy/server into counters struct 2024-05-02 10:55:25 +02:00
log.c BUG/MINOR: log: fix broken '+bin' logformat node option 2024-06-14 18:25:21 +02:00
lru.c BUG/MINOR: lru: fix the standalone test case for invalid revision 2024-04-13 08:43:12 +02:00
mailers.c
map.c MEDIUM: cli/applet: Stop to test opposite SC in I/O handler of CLI commands 2024-03-28 17:28:20 +01:00
mjson.c
mqtt.c
mux_fcgi.c BUG/MEDIUM: muxes: enforce buf_wait check in takeover() 2024-05-15 19:37:12 +02:00
mux_h1.c BUG/MAJOR: mux-h1: Prevent any UAF on H1 connection after draining a request 2024-06-12 16:12:47 +02:00
mux_h2.c BUG/MEDIUM: muxes: enforce buf_wait check in takeover() 2024-05-15 19:37:12 +02:00
mux_pt.c MINOR: muxes: Add ctl commands to get info on streams for a connection 2024-05-06 22:00:00 +02:00
mux_quic.c MINOR: mux-quic: Don't send an emtpy H3 DATA frame during zero-copy forwarding 2024-06-05 07:28:10 +02:00
mworker-prog.c
mworker.c MEDIUM: mworker: get rid of libsystemd 2024-04-03 15:53:18 +02:00
namespace.c
ncbuf.c
pattern.c MINOR: map: mapfile ordering also matters for tree-based match types 2024-01-11 11:13:54 +01:00
payload.c
peers.c CLEANUP: assorted typo fixes in the code and comments 2024-05-03 09:01:36 +02:00
pipe.c
pool.c DEBUG: pools: report the data around the offending area in case of mismatch 2024-04-12 18:01:55 +02:00
proto_quic.c MINOR: proto: fix coding style 2024-05-22 12:00:11 +02:00
proto_rhttp.c BUG/MINOR: rhttp: initialize session origin after preconnect reversal 2024-05-24 14:47:21 +02:00
proto_sockpair.c
proto_tcp.c MINOR: proto: fix coding style 2024-05-22 12:00:11 +02:00
proto_udp.c MEDIUM: udp: allow to retrieve the frontend destination address 2024-01-02 11:44:42 +01:00
proto_uxdg.c
proto_uxst.c MINOR: proto: fix coding style 2024-05-22 12:00:11 +02:00
protocol.c MINOR: listener/protocol: add proto name in alerts 2024-04-12 18:51:40 +02:00
proxy.c CLEANUP: log/proxy: fix comment in proxy_free_common() 2024-06-11 11:00:11 +02:00
qmux_http.c MEDIUM: mux-quic: add BUG_ON if sending on locally closed QCS 2023-12-21 15:42:08 +01:00
qmux_trace.c MEDIUM: mux-quic: simplify sending API 2024-01-31 16:28:54 +01:00
qpack-dec.c MINOR: h3/qpack: adjust naming for errors 2024-05-16 10:31:17 +02:00
qpack-enc.c BUG/MEDIUM: qpack: allow 6xx..9xx status codes 2024-01-29 15:40:19 +01:00
qpack-tbl.c
queue.c MINOR: counters: move last_change into counters struct 2024-05-02 10:55:25 +02:00
quic_ack.c BUILD: quic: Variable name typo inside a BUG_ON(). 2024-02-05 14:31:21 +01:00
quic_cc_cubic.c BUILD: quic: 32 bits compilation issue (QUIC_MIN() usage) 2024-04-03 11:14:50 +02:00
quic_cc_newreno.c MINOR: quic: HyStart++ implementation (RFC 9406) 2024-04-02 18:47:19 +02:00
quic_cc_nocc.c REORG: quic: Move QUIC path definitions/declarations to quic_cc module 2023-11-28 15:37:50 +01:00
quic_cc.c
quic_cid.c CLEANUP: quic_cid: remove unused listener arg 2023-11-30 15:04:27 +01:00
quic_cli.c MEDIUM: cli/applet: Stop to test opposite SC in I/O handler of CLI commands 2024-03-28 17:28:20 +01:00
quic_conn.c BUG/MINOR: quic: ensure Tx buf is always purged 2024-06-10 10:29:28 +02:00
quic_fctl.c MINOR: mux-quic: define a flow control related type 2024-01-31 16:28:54 +01:00
quic_frame.c BUG/MINOR: quic: reject unknown frame type 2024-02-15 17:04:17 +01:00
quic_loss.c MINOR: quic: Add a counter for reordered packets 2024-02-14 11:32:29 +01:00
quic_openssl_compat.c BUG/MEDIUM: quic: keylog callback not called (USE_OPENSSL_COMPAT) 2024-01-16 10:17:27 +01:00
quic_retransmit.c REORG: quic: Add a new module for retransmissions 2023-11-28 15:47:18 +01:00
quic_retry.c BUG/MEDIUM: quic: don't blindly rely on unaligned accesses 2024-04-06 00:07:49 +02:00
quic_rx.c BUG/MINOR: quic: adjust restriction for stateless reset emission 2024-05-24 14:36:31 +02:00
quic_sock.c MINOR: quic: clarify doc for quic_recv() 2024-05-24 14:36:31 +02:00
quic_ssl.c MEDIUM: ssl: support for ECDA+RSA certificate selection with AWS-LC 2024-06-13 19:36:40 +02:00
quic_stats.c MINOR: stats: introduce a more expressive stat definition method 2024-04-26 10:20:57 +02:00
quic_stream.c MEDIUM: mux-quic: properly handle conn Tx buf exhaustion 2024-01-31 16:28:54 +01:00
quic_tls.c MINOR: quic: uniformize sending methods for handshake 2024-04-10 11:06:41 +02:00
quic_tp.c BUG/MEDIUM: quic: don't blindly rely on unaligned accesses 2024-04-06 00:07:49 +02:00
quic_trace.c CLEANUP: assorted typo fixes in the code and comments 2023-11-23 16:23:14 +01:00
quic_tx.c MINOR: quic: refactor qc_prep_pkts() loop 2024-06-12 18:05:40 +02:00
raw_sock.c MEDIUM: raw-sock: Specifiy amount of data to send via snd_pipe callback 2023-10-17 18:51:13 +02:00
regex.c
resolvers.c BUG/MINOR: promex: Skip resolvers metrics when there is no resolver section 2024-06-12 08:55:52 +02:00
ring.c CLEANUP: assorted typo fixes in the code and comments 2024-04-17 11:14:44 +02:00
sample.c MINOR: sample: implement the uptime sample fetch 2024-05-27 11:06:40 +02:00
server_state.c MINOR: counters: move last_change into counters struct 2024-05-02 10:55:25 +02:00
server.c BUG/MINOR: server: Don't reset resolver options on a new default-server line 2024-05-24 16:31:01 +02:00
session.c MEDIUM: log/session: handle embryonic session log within sess_log() 2024-06-13 15:43:09 +02:00
sha1.c
shctx.c DEBUG: shctx: name shared memory using vma_set_name() 2024-05-21 17:55:03 +02:00
signal.c CLEANUP: assorted typo fixes in the code and comments 2023-11-23 16:23:14 +01:00
sink.c DEBUG: sink: add name hint for memory area used by memory-backed sinks 2024-05-21 17:55:09 +02:00
slz.c
sock_inet.c
sock_unix.c MEIDUM: unix sock: use my_socketat to create bind socket 2024-04-30 21:38:24 +02:00
sock.c MEDIUM: config: prevent communication with privileged ports 2024-05-24 14:36:31 +02:00
ssl_ckch.c MEDIUM: ssl: don't load file by discovering them in crt-store 2024-05-21 18:30:45 +02:00
ssl_clienthello.c BUG/MEDIUM: ssl: AWS-LC + TLSv1.3 won't do ECDSA in RSA+ECDSA configuration 2024-06-17 17:40:49 +02:00
ssl_crtlist.c MEDIUM: ssl: don't load file by discovering them in crt-store 2024-05-21 18:30:45 +02:00
ssl_gencert.c MEDIUM: ssl: allow to change the OpenSSL security level from global section 2024-03-12 17:37:11 +01:00
ssl_ocsp.c MEDIUM: ssl/cli: handle crt-store keywords in crt-list over the CLI 2024-05-17 17:35:51 +02:00
ssl_sample.c MINOR: ssl: implement keylog fetches for backend connections 2024-04-19 14:48:44 +02:00
ssl_sock.c BUILD: ssl: disable deprecated functions for AWS-LC 1.29.0 2024-06-14 10:41:36 +02:00
ssl_utils.c
stats-file.c BUILD: stats: remove non portable getline() usage 2024-05-17 14:53:19 +02:00
stats-html.c BUG/MINOR: stats: Don't state the 303 redirect response is chunked 2024-05-17 16:33:53 +02:00
stats-json.c MINOR: stats: update ambiguous "metrics" naming to "stat_cols" 2024-04-26 10:20:57 +02:00
stats-proxy.c MINOR: stats: extract proxy clear-counter in a dedicated function 2024-05-02 16:43:26 +02:00
stats.c CLEANUP: assorted typo fixes in the code and comments 2024-05-03 09:01:36 +02:00
stconn.c MINOR: dynbuf: pass a criticality argument to b_alloc() 2024-05-10 17:18:13 +02:00
stick_table.c MINOR: stktable: avoid ambiguous stktable_data_ptr() usage in cli_io_handler_table() 2024-06-03 16:59:54 +02:00
stream.c MINOR: log: provide sending log context to process_send_log() when available 2024-06-13 15:43:09 +02:00
systemd.c MEDIUM: mworker: get rid of libsystemd 2024-04-03 15:53:18 +02:00
task.c CLEANUP: assorted typo fixes in the code and comments 2023-11-23 16:23:14 +01:00
tcp_act.c MINOR: server: define pool-conn-name keyword 2024-05-24 14:36:31 +02:00
tcp_rules.c MINOR: log/backend: prevent tcp-{request,response} use with LOG mode 2023-11-18 11:16:21 +01:00
tcp_sample.c MINOR: sample: accept_date / request_date return %Ts / %tr timestamp values 2023-07-24 17:12:29 +02:00
tcpcheck.c BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser 2024-05-31 18:37:56 +02:00
thread.c MINOR: config: add thread-hard-limit to set an upper bound to nbthread 2024-05-24 09:46:49 +02:00
time.c
tools.c BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory 2024-05-31 18:55:36 +02:00
trace.c BUILD: trace: fix warning on null dereference 2024-05-24 14:36:03 +02:00
uri_auth.c MINOR: stats: use STAT_F_* prefix for flags 2024-04-22 16:25:18 +02:00
uri_normalizer.c
vars.c MAJOR: log: implement proper postparsing for logformat expressions 2024-04-04 19:10:01 +02:00
version.c
wdt.c
xprt_handshake.c
xprt_quic.c BUG/MEDIUM: quic: fix connection freeze on post handshake 2024-03-06 10:39:57 +01:00