mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-12-16 15:11:01 +01:00
Code Issues Projects Releases Wiki Activity
haproxy/src
History
Frederic Lecaille 90064ac88b BUG/MINOR: quic: do not set first the default QUIC curves 
This patch impacts both the QUIC frontends and listeners.

Note that "ssl-default-bind-ciphersuites", "ssl-default-bind-curves",
are not ignored by QUIC by the frontend. This is also the case for the
backends with "ssl-default-server-ciphersuites" and "ssl-default-server-curves".

These settings are set by ssl_sock_prepare_ctx() for the frontends and
by ssl_sock_prepare_srv_ssl_ctx() for the backends. But ssl_quic_initial_ctx()
first sets the default QUIC frontends (see <quic_ciphers> and <quic_groups>)
before these ssl_sock.c function are called, leading some TLS stack to
refuse them if they do not support them. This is the case for some OpenSSL 3.5
stack with FIPS support. They do not support X25519.

To fix this, set the default QUIC ciphersuites and curves only if not already
set by the settings mentioned above.

Rename <quic_ciphers> global variable to <default_quic_ciphersuites>
and <quic_groups> to <default_quic_curves> to reflect the OpenSSL API naming.

These options are taken into an account by ssl_quic_initial_ctx()
which inspects these four variable before calling SSL_CTX_set_ciphersuites()
with <default_quic_ciphersuites> as parameter and SSL_CTX_set_curves() with
<default_quic_curves> as parameter if needed, that is to say, if no ciphersuites
and curves were set by "ssl-default-bind-ciphersuites", "ssl-default-bind-curves"
as global options  or "ciphersuites", "curves" as "bind" line options.
Note that the bind_conf struct is not modified when no "ciphersuites" or
"curves" option are used on "bind" lines.

On backend side, rely on ssl_sock_init_srv() to set the server ciphersuites
and curves. This function is modified to use respectively <default_quic_ciphersuites>
and <default_quic_curves> if no ciphersuites  and curves were set by
"ssl-default-server-ciphersuites", "ssl-default-server-curves" as global options
or "ciphersuites", "curves" as "server" line options.

Thank to @rwagoner for having reported this issue in GH #3194 when using
an OpenSSL 3.5.4 stack with FIPS support.

Must be backported as far as 2.6
2025-12-08 10:40:59 +01:00
..
_ceb_addr.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
_ceb_blk.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
_ceb_int.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
_ceb_str.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
acl.c
BUG/MINOR: acl: warn if "_sub" derivative used with an explicit match
2025-10-28 11:59:32 +01:00
acme.c
BUG/MINOR: acme: fix ha_alert() call
2025-11-25 20:20:25 +01:00
action.c
activity.c
MINOR: activity/memory: count allocations performed under a lock
2025-09-11 16:32:34 +02:00
applet.c
BUG/MEDIUM: applet: Fix conditions to detect spinning loop with the new API
2025-11-21 09:41:05 +01:00
arg.c
MINOR: arg: add an argument type for identifier
2024-10-18 14:30:24 +02:00
auth.c
BUG/MINOR: auth: Fix a leak on error path when parsing user's groups
2025-02-06 16:55:37 +01:00
backend.c
Revert "BUG/MEDIUM: server/ssl: Unset the SNI for new server connections if none is set"
2025-11-26 12:05:43 +01:00
base64.c
buf.c
CLEANUP: buffers: simplify b_get_varint()
2024-10-18 18:28:39 +02:00
cache.c
MINOR: cache: Use the <kip> value to check too big objects
2025-10-08 11:10:42 +02:00
calltrace.c
ceb32_tree.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
ceb64_tree.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
ceba_tree.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
cebb_tree.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
cebib_tree.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
cebis_tree.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
cebl_tree.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
cebs_tree.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
cebtree-dbg.c
IMPORT: cebtree: import version 0.5.0 to support duplicates
2025-09-16 09:23:46 +02:00
cebtree-prv.h
IMPORT: import cebtree (compact elastic binary trees)
2024-09-15 23:44:59 +02:00
cfgcond.c
MINOR: cfgcond: add "awslc_api_atleast" and "awslc_api_before"
2025-11-14 11:01:45 +01:00
cfgdiag.c
MINOR: check: clarify check-reuse-pool interaction with reuse policy
2025-11-14 10:44:05 +01:00
cfgparse-global.c
BUG/MINOR: config: Limit "tune.maxpollevents" parameter to 1000000
2025-11-06 15:56:21 +01:00
cfgparse-listen.c
MEDIUM: proxy: index proxy ID using compact trees
2025-09-16 09:23:46 +02:00
cfgparse-quic.c
BUG/MINOR: quic-be: Missing keywords array NULL termination
2025-12-03 11:07:47 +01:00
cfgparse-ssl.c
BUG/MINOR: quic: do not set first the default QUIC curves
2025-12-08 10:40:59 +01:00
cfgparse-tcp.c
MINOR: server: add the "cc" keyword to set the TCP congestion controller
2025-09-17 17:19:33 +02:00
cfgparse-unix.c
cfgparse.c
BUG/MEDIUM: config: ignore empty args in skipped blocks
2025-12-04 15:33:43 +01:00
channel.c
MINOR: channel: Remove total field from channels
2025-11-06 15:01:29 +01:00
check.c
BUG/MINOR: check: fix QUIC check test when QUIC disabled
2025-11-14 17:27:53 +01:00
chunk.c
BUG/MEDIUM: chunk: make sure to flush the trash pool before resizing
2025-01-29 17:55:18 +01:00
cli.c
BUG/MEDIUM: cli: State the cli have no more data to deliver if it yields
2025-11-21 10:00:15 +01:00
clock.c
MINOR: clock: add clock_get_now_offset() helper
2025-08-07 22:27:09 +02:00
compression.c
MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL
2025-08-11 19:55:30 +02:00
connection.c
BUG/MEDIUM: connection: fix "bc_settings_streams_limit" typo
2025-12-04 15:26:54 +01:00
counters.c
MEDIUM: guid: switch guid to more compact cebuis_tree
2025-09-16 09:23:46 +02:00
cpu_topo.c
MINOR: cpu-topo: write thread-cpu bindings into trash buffer
2025-07-17 19:07:58 +02:00
cpuset.c
BUG/MINOR: cpu_topo: work around a small bug in musl's CPU_ISSET()
2025-09-06 11:05:52 +02:00
debug.c
MINOR: thread: add a lock level information in the thread_ctx
2025-09-11 16:32:34 +02:00
dgram.c
MINOR: cfgparse: parse tune.{rcvbuf,sndbuf}.{frontend,backend} as sizes
2024-11-18 18:50:02 +01:00
dict.c
dns_ring.c
MAJOR: import: update mt_list to support exponential back-off (try #2)
2024-07-09 16:46:38 +02:00
dns.c
MEDIUM: dns: bind the nameserver sockets to the initiating thread
2025-09-10 16:48:09 +02:00
dynbuf.c
OPTIM: buffers: align the buffer pool to 64
2025-08-11 19:55:30 +02:00
eb32sctree.c
eb32tree.c
IMPORT: ebtree: only use __builtin_prefetch() when supported
2025-09-17 14:30:32 +02:00
eb64tree.c
IMPORT: ebtree: only use __builtin_prefetch() when supported
2025-09-17 14:30:32 +02:00
ebimtree.c
ebistree.c
ebmbtree.c
ebsttree.c
ebtree.c
ech.c
BUILD: ech: fix clang warnings
2025-11-14 11:35:38 +01:00
errors.c
MEDIUM: errors: get rid of shm_open()
2025-01-07 16:42:38 +01:00
ev_epoll.c
MEDIUM: pollers: Drop fd events after a takeover to another tgid.
2025-02-26 13:00:18 +01:00
ev_evports.c
MEDIUM: pollers: Drop fd events after a takeover to another tgid.
2025-02-26 13:00:18 +01:00
ev_kqueue.c
MEDIUM: pollers: Drop fd events after a takeover to another tgid.
2025-02-26 13:00:18 +01:00
ev_poll.c
DEBUG: pollers/fd: add thread id suffix to per-thread memory areas name hints
2024-05-24 12:07:18 +02:00
ev_select.c
DEBUG: pollers/fd: add thread id suffix to per-thread memory areas name hints
2024-05-24 12:07:18 +02:00
event_hdl.c
MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL
2025-08-11 19:55:30 +02:00
extcheck.c
BUG/MEDIUM: checks: make sure to always apply offsets to now_ms in expiration
2024-11-15 15:39:00 +01:00
fcgi-app.c
MEDIUM: stats: consider that shared stats pointers may be NULL
2025-09-18 16:49:51 +02:00
fcgi.c
fd.c
CLEANUP: fd: make use of ha_aligned_alloc() for the fdtab
2025-08-11 19:55:30 +02:00
filters.c
MEDIUM: htx: Remove the HTX extra field
2025-10-08 11:10:42 +02:00
fix.c
flt_bwlim.c
BUG/MINOR: freq_ctr: Prevent possible signed overflow in freq_ctr_overshoot_period
2025-11-24 14:10:13 +01:00
flt_http_comp.c
MINOR: compression: Use the <kip> value to check body size
2025-10-08 11:10:42 +02:00
flt_spoe.c
BUG/MEDIUM: spoe: Improve error detection in SPOE applet on client abort
2025-08-26 16:12:18 +02:00
flt_trace.c
BUG/MINOR: flt-trace: Support only one name option
2025-02-06 17:01:15 +01:00
freq_ctr.c
BUG/MINOR: freq_ctr: Prevent possible signed overflow in freq_ctr_overshoot_period
2025-11-24 14:10:13 +01:00
frontend.c
MEDIUM: stats: avoid 1 indirection by storing the shared stats directly in counters struct
2025-07-25 16:46:10 +02:00
guid.c
MEDIUM: guid: switch guid to more compact cebuis_tree
2025-09-16 09:23:46 +02:00
h1_htx.c
BUG/MEDIUM: mux-h1: fix 414 / 431 status code reporting
2025-11-05 10:55:18 +01:00
h1.c
BUG/MEDIUM: h1/h2/h3: reject forbidden chars in the Host header field
2025-05-16 15:13:17 +02:00
h2.c
BUG/MINOR: h2: forbid 'Z' as well in header field names checks
2025-10-02 15:29:58 +02:00
h3_stats.c
MINOR: h3/qpack: adjust naming for errors
2024-05-16 10:31:17 +02:00
h3.c
BUG/MINOR: h3: handle properly buf alloc failure on response forwarding
2025-11-25 15:55:08 +01:00
haproxy.c
MINOR: limits: keep a copy of the rough estimate of needed FDs in global struct
2025-11-20 08:44:52 +01:00
hash.c
hlua_fcn.c
MINOR: stick-tables: Rename stksess shards to use buckets
2025-11-17 07:42:51 +01:00
hlua.c
MINOR: hlua/http-fetch: Use <kip> instead of HTX extra field to get body size
2025-10-08 11:10:25 +02:00
hpack-dec.c
hpack-enc.c
hpack-huff.c
hpack-tbl.c
hq_interop.c
MINOR: channel: Remove total field from channels
2025-11-06 15:01:29 +01:00
http_acl.c
http_act.c
MEDIUM: stats: consider that shared stats pointers may be NULL
2025-09-18 16:49:51 +02:00
http_ana.c
MINOR: channel: Remove total field from channels
2025-11-06 15:01:29 +01:00
http_client.c
BUG/MEDIUM: http-client: Fix the test on the response start-line
2025-09-19 14:59:28 +02:00
http_conv.c
MINOR: http-conv: Remove unreachable goto statement in sample_conv_q_preferred
2024-11-06 10:06:52 +01:00
http_ext.c
CLEANUP: assorted typo fixes in the code and comments
2025-04-02 11:12:20 +02:00
http_fetch.c
MINOR: hlua/http-fetch: Use <kip> instead of HTX extra field to get body size
2025-10-08 11:10:25 +02:00
http_htx.c
MINOR: config: Alert about extra arguments for errorfile and errorloc
2025-01-03 10:10:09 +01:00
http_rules.c
MINOR: http-ana: Add support for "set-cookie-fmt" option to redirect rules
2024-11-19 15:20:02 +01:00
http.c
MINOR: http: fix 405,431,501 default errorfile
2025-10-29 08:47:19 +01:00
httpclient_cli.c
MINOR: httpclient-cli: Reset httpclient HTX buffer instead of removing blocks
2025-07-24 12:13:42 +02:00
htx.c
MEDIUM: htx: prevent <mark> to copy incomplete headers in htx_xfer_blks()
2025-01-31 15:51:51 +01:00
init.c
MINOR: init: add REGISTER_POST_DEINIT_MASTER() hook
2025-08-07 22:27:14 +02:00
jws.c
BUG/MEDIUM: jws: return size_t in JWS functions
2025-09-11 14:31:32 +02:00
jwt.c
MINOR: jwt: Add specific error code for known but unavailable certificate
2025-10-13 10:38:52 +02:00
lb_chash.c
BUG/MAJOR: lb-chash: fix key calculation when using default hash-key id
2025-10-16 10:43:09 +02:00
lb_fas.c
MINOR: proxies/servers: Calculate queueslength and use it.
2025-01-28 12:49:41 +01:00
lb_fwlc.c
BUG/MEDIUM: fwlc: Handle memory allocation failures.
2025-10-01 18:13:33 +02:00
lb_fwrr.c
MEDIUM: lb_fwrr: Don't start all thread groups on the same server.
2025-04-17 17:38:23 +02:00
lb_map.c
MINOR: proxies/servers: Calculate queueslength and use it.
2025-01-28 12:49:41 +01:00
lb_ss.c
MINOR: lbprm: implement true "sticky" balance algo
2024-03-29 17:08:37 +01:00
limits.c
MINOR: limits: display the computed maxconn using ha_notice()
2025-11-20 18:38:09 +01:00
linuxcap.c
MEDIUM: init: always warn when running as root without being asked to
2025-09-05 08:51:07 +02:00
listener.c
MINOR: listener: implement bind_conf_find_by_name()
2025-10-30 10:37:42 +01:00
log.c
MINOR: httpclient: complete the https log
2025-11-22 12:29:33 +01:00
lru.c
BUG/MINOR: lru: fix the standalone test case for invalid revision
2024-04-13 08:43:12 +02:00
mailers.c
MINOR: mailers: warn if mailers are configured but not actually used
2025-06-27 16:41:18 +02:00
map.c
MINOR: cli/applet: Move appctx fields only used by the CLI in a private context
2025-04-24 15:09:37 +02:00
mjson.c
CLEANUP: mjson: remove unused defines from mjson.h
2025-10-06 09:30:07 +02:00
mqtt.c
CLEANUP: mqtt: fix typo in MQTT_REMAINING_LENGHT_MAX_SIZE
2024-08-30 14:58:59 +02:00
mux_fcgi.c
BUG/MEDIUM: connection: do not reinsert a purgeable conn in idle list
2025-11-14 16:06:34 +01:00
mux_h1.c
MINOR: muxes: Support an optional ALPN string when defining mux protocols
2025-11-20 16:14:52 +01:00
mux_h2.c
MINOR: muxes: Support an optional ALPN string when defining mux protocols
2025-11-20 16:14:52 +01:00
mux_pt.c
MEDIUM: mux_h1/mux_pt: Use XPRT_CAN_SPLICE to decide if we should splice
2025-08-20 18:33:10 +02:00
mux_quic.c
BUG/MINOR: mux-quic: check access on qcs stream-endpoint
2025-11-21 11:16:07 +01:00
mux_spop.c
BUG/MEDIUM: connection: do not reinsert a purgeable conn in idle list
2025-11-14 16:06:34 +01:00
mworker.c
BUG/MEDIUM: mworker: signals inconsistencies during startup and reload
2025-11-18 10:05:42 +01:00
namespace.c
BUG/MINOR: namespace: handle a possible strdup() failure
2024-12-10 08:05:34 +01:00
ncbmbuf.c
MINOR: ncbmbuf: add tests as standalone mode
2025-10-22 15:04:24 +02:00
ncbuf.c
pattern.c
BUG/MINOR: pattern: Fix pattern lookup for map with opt@ prefix
2025-09-25 15:28:22 +02:00
payload.c
MINOR: ssl: Introduce new smp_client_hello_parse() function
2025-07-01 11:55:36 +02:00
peers.c
CLEANUP: peers: remove an unneeded null check
2025-11-14 13:47:20 +01:00
pipe.c
MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL
2025-08-11 19:55:30 +02:00
pool.c
BUG/MAJOR: pools: fix default pool alignment
2025-10-22 09:06:20 +02:00
proto_quic.c
MINOR: quic: store source address for backend conns
2025-11-20 16:44:03 +01:00
proto_rhttp.c
OPTIM: proto_rhttp: Don't set SNI for non-ssl connections
2025-09-05 15:56:42 +02:00
proto_sockpair.c
MINOR: proto_sockpair: send_fd_uxst: init iobuf, cmsghdr, cmsgbuf to zeros
2024-11-25 15:20:24 +01:00
proto_tcp.c
MINOR: server: add the "cc" keyword to set the TCP congestion controller
2025-09-17 17:19:33 +02:00
proto_udp.c
CLEANUP: protocol: no longer initialize .receivers nor .nb_receivers
2024-08-21 17:37:46 +02:00
proto_uxdg.c
MINOR: protocol: create abnsz socket address family
2024-10-29 12:14:50 +01:00
proto_uxst.c
MINOR: sock: Add protocol and socket types parameters to sock_create_server_socket()
2025-06-11 18:37:34 +02:00
protocol.c
MINOR: quic: rename "no-quic" to "tune.quic.listen"
2025-10-23 16:47:58 +02:00
proxy.c
Revert "MINOR: quic: use dynamic cc_algo on bind_conf"
2025-12-01 14:18:58 +01:00
qmux_http.c
MEDIUM: htx: Remove the HTX extra field
2025-10-08 11:10:42 +02:00
qmux_trace.c
MINOR: mux-quic: define flag for backend side
2025-06-12 11:28:54 +02:00
qpack-dec.c
MINOR: h3/qpack: adjust naming for errors
2024-05-16 10:31:17 +02:00
qpack-enc.c
BUG/MINOR: h3: ensure that invalid status code are not encoded (FE side)
2025-07-15 18:39:23 +02:00
qpack-tbl.c
queue.c
OPTIM: queue: align the pendconn pools to 64
2025-08-11 19:55:30 +02:00
quic_ack.c
MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL
2025-08-11 19:55:30 +02:00
quic_cc_bbr.c
MINOR: quic: define quic_cc_algo as const
2025-12-01 15:05:41 +01:00
quic_cc_cubic.c
MINOR: quic: define quic_cc_algo as const
2025-12-01 15:05:41 +01:00
quic_cc_drs.c
BUG/MINOR: quic: remove max_bw filter from delivery rate sampling
2024-12-13 14:42:43 +01:00
quic_cc_newreno.c
MINOR: quic: define quic_cc_algo as const
2025-12-01 15:05:41 +01:00
quic_cc_nocc.c
MINOR: quic: define quic_cc_algo as const
2025-12-01 15:05:41 +01:00
quic_cc.c
MINOR: quic: define quic_cc_algo as const
2025-12-01 15:05:41 +01:00
quic_cid.c
MINOR: quic: split global CID tree between FE and BE sides
2025-11-25 14:30:18 +01:00
quic_cli.c
BUG/MINOR: quic: fix uninit list on show quic handler
2025-11-25 14:50:19 +01:00
quic_conn.c
MINOR: quic: Add useful debugging traces in qc_idle_timer_do_rearm()
2025-12-08 10:40:59 +01:00
quic_enc.c
TESTS: quic: useless param for b_quic_dec_int()
2025-10-15 09:58:03 +02:00
quic_fctl.c
MINOR: mux-quic: define a flow control related type
2024-01-31 16:28:54 +01:00
quic_frame.c
MINOR: quic-be: Parse the NEW_TOKEN frame
2025-11-13 14:04:31 +01:00
quic_loss.c
MINOR: quic: split congestion controler options for FE/BE usage
2025-10-23 16:49:20 +02:00
quic_openssl_compat.c
MINOR: quic: prefer qc_is_back() usage over qc->target
2025-08-07 16:59:59 +02:00
quic_pacing.c
MINOR: quic: adapt credit based pacing to BBR
2025-01-23 17:41:07 +01:00
quic_retransmit.c
MINOR: quic: prefer qc_is_back() usage over qc->target
2025-08-07 16:59:59 +02:00
quic_retry.c
MINOR: quic-be: address validation support implementation (RETRY)
2025-06-26 09:48:00 +02:00
quic_rules.c
CLEANUP: tree-wide: define and use acl_match_cond() helper
2025-01-27 11:11:43 +01:00
quic_rx.c
BUG/MINOR: quic-be: handshake errors without connection stream closure
2025-12-08 10:40:59 +01:00
quic_sock.c
MINOR: quic: store source address for backend conns
2025-11-20 16:44:03 +01:00
quic_ssl.c
BUG/MINOR: quic: do not set first the default QUIC curves
2025-12-08 10:40:59 +01:00
quic_stats.c
MINOR: stats: introduce a more expressive stat definition method
2024-04-26 10:20:57 +02:00
quic_stream.c
MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL
2025-08-11 19:55:30 +02:00
quic_tls.c
BUG/MAJOR: quic: use ncbmbuf for CRYPTO handling
2025-10-22 15:04:41 +02:00
quic_token.c
MINOR: quic: Token for future connections implementation.
2024-08-30 17:04:09 +02:00
quic_tp.c
MINOR: quic-be: validate the 0-RTT transport parameters
2025-11-13 14:04:31 +01:00
quic_trace.c
MINOR: quic: Add useful debugging traces in qc_idle_timer_do_rearm()
2025-12-08 10:40:59 +01:00
quic_tx.c
BUG/MEDIUM: quic: do not prevent sending if no BE token
2025-11-25 14:30:18 +01:00
raw_sock.c
MINOR: rawsock: introduce CO_RFL_TRY_HARDER to detect closures on complete reads
2025-10-01 10:23:01 +02:00
regex.c
MINOR: regex: use a thread-local match pointer for pcre2
2025-10-13 16:56:43 +02:00
resolvers.c
BUG/MINOR: resolvers: ensure fair round robin iteration
2025-11-02 17:28:32 +01:00
ring.c
OPTIM: ring: avoid reloading the tail_ofs value before the CAS in ring_write()
2025-09-18 15:27:32 +02:00
sample.c
BUG/MINOR: jwt: Missing "case" in switch statement
2025-11-28 16:36:46 +01:00
server_state.c
MEDIUM: stats: consider that shared stats pointers may be NULL
2025-09-18 16:49:51 +02:00
server.c
MINOR: quic: implement cc-algo server keyword
2025-12-01 15:53:58 +01:00
session.c
MEDIUM: stats: consider that shared stats pointers may be NULL
2025-09-18 16:49:51 +02:00
sha1.c
shctx.c
DEBUG: shctx: name shared memory using vma_set_name()
2024-05-21 17:55:03 +02:00
signal.c
MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL
2025-08-11 19:55:30 +02:00
sink.c
BUG/MINOR: sink: retry attempt for sft server may never occur
2025-10-03 14:31:05 +02:00
slz.c
IMPORT: slz: silence a build warning on non-x86 non-arm
2025-05-16 16:43:53 +02:00
sock_inet.c
BUG/MINOR: sock-inet: ignore conntrack for transparent sockets on Linux
2025-11-26 13:43:58 +01:00
sock_unix.c
MEDIUM: socket: add zero-terminated ABNS alternative
2024-10-29 12:15:24 +01:00
sock.c
MINOR: sock: update broken accept4 detection for older hardwares.
2025-08-08 06:01:18 +02:00
ssl_ckch.c
BUG/MINOR: acme: allow 'key' when generating cert
2025-11-06 14:11:43 +01:00
ssl_clienthello.c
BUG/MINOR: quic/ssl: crash in ClientHello callback ssl traces
2025-12-08 10:40:59 +01:00
ssl_crtlist.c
MEDIUM: ssl/cli: relax crt insertion in crt-list of type directory
2025-08-11 17:42:16 +02:00
ssl_gencert.c
BUG/MEDIUM: quic: Crash after QUIC server callbacks restoration (OpenSSL 3.5)
2025-07-09 16:01:02 +02:00
ssl_ocsp.c
MEDIUM: ssl/ckch: use ckch_store instead of ckch_data for ckch_conf_kws
2025-11-06 11:56:27 +01:00
ssl_sample.c
MINOR: ssl/sample: expose ssl_*c_curve for AWS-LC
2025-11-13 17:36:43 +01:00
ssl_sock.c
BUG/MINOR: quic-be: handshake errors without connection stream closure
2025-12-08 10:40:59 +01:00
ssl_trace.c
BUG/MINOR: ssl: Fix potential NULL deref in trace callback
2025-09-11 14:31:32 +02:00
ssl_utils.c
BUG/MINOR: acme: P-256 doesn't work with openssl >= 3.0
2025-11-18 11:34:28 +01:00
stats-file.c
BUG/MEDIUM: stats-file: fix shm-stats-file preload not working anymore
2025-11-11 22:36:17 +01:00
stats-html.c
MINOR: stats: display new curr_sess_idle_conns server counter
2025-08-28 18:58:11 +02:00
stats-json.c
BUG/MINOR: stats-json: Define JSON_INT_MAX as a signed integer
2025-02-06 17:19:49 +01:00
stats-proxy.c
MINOR: stats-proxy: ensure future-proof FN_AGE manipulation in me_generate_field()
2025-11-10 21:32:22 +01:00
stats.c
MINOR: pattern: add a counter of added/freed patterns
2025-07-05 00:12:45 +02:00
stconn.c
MINOR: channel: Remove total field from channels
2025-11-06 15:01:29 +01:00
stick_table.c
MINOR: stick-tables: Rename stksess shards to use buckets
2025-11-17 07:42:51 +01:00
stream.c
DEBUG: stream: Add bytes_in/bytes_out value for both SC in session dump
2025-11-06 15:01:29 +01:00
systemd.c
BUILD: systemd: fix usage of reserved name "sun" in the address field
2024-11-25 08:09:09 +01:00
task.c
MINOR: sched: pass the thread number to is_sched_alive()
2025-10-01 10:18:53 +02:00
tcp_act.c
MEDIUM: stats: consider that shared stats pointers may be NULL
2025-09-18 16:49:51 +02:00
tcp_rules.c
MEDIUM: stats: consider that shared stats pointers may be NULL
2025-09-18 16:49:51 +02:00
tcp_sample.c
MINOR: sample: define bc_reused fetch
2025-04-02 14:57:40 +02:00
tcpcheck.c
Revert "BUG/MEDIUM: server/ssl: Unset the SNI for new server connections if none is set"
2025-11-26 12:05:43 +01:00
thread.c
BUG/MEDIUM: threads/config: drop absent threads from thread groups
2025-10-17 20:36:00 +02:00
time.c
tools.c
MINOR: cfgcond: add "awslc_api_atleast" and "awslc_api_before"
2025-11-14 11:01:45 +01:00
trace.c
MINOR: trace: don't call strlen() on the function's name
2025-09-18 08:31:57 +02:00
uri_auth.c
MEDIUM: uri_auth: implement clean uri_auth cleaning
2024-11-14 15:03:38 +01:00
uri_normalizer.c
BUILD: tree-wide: cast arguments to tolower/toupper to unsigned char (2)
2024-07-18 13:29:52 +02:00
vars.c
CLEANUP: vars: use the item API for the variables trees
2025-09-16 10:51:23 +02:00
version.c
REORG: version: move the remaining BUILD_* stuff from haproxy.c to version.c
2025-01-20 17:53:55 +01:00
wdt.c
BUG/MEDIUM: wdt: improve stuck task detection accuracy
2025-10-01 10:18:53 +02:00
xprt_handshake.c
MINOR: xprt: Add recvmsg() and sendmsg() parameters to rcv_buf() and snd_buf().
2025-08-20 17:28:03 +02:00
xprt_quic.c
BUG/MINOR: quic: release BE quic_conn on connect failure
2025-11-25 14:50:23 +01:00