haproxy/proto at e1f38dbb44ed7947a1036f7b267e9c2ca8aa9116 - haproxy - gitea@git.xfx1.de

mirrors/haproxy

mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-10-09 06:31:34 +02:00

History

Emeric Brun e1f38dbb44 MEDIUM: ssl: protect against client-initiated renegociation

CVE-2009-3555 suggests that client-initiated renegociation should be
prevented in the middle of data. The workaround here consists in having
the SSL layer notify our callback about a handshake occurring, which in
turn causes the connection to be marked in the error state if it was
already considered established (which means if a previous handshake was
completed). The result is that the connection with the client is immediately
aborted and any pending data are dropped.

2012-09-03 22:03:17 +02:00

..

acl.h

REORG: rename "pattern" files

2012-05-08 20:57:21 +02:00

arg.h

MEDIUM: add a new typed argument list parsing framework

2012-05-08 20:57:10 +02:00

auth.h

MAJOR: acl: make use of the new sample struct and get rid of acl_test

2012-05-08 20:57:14 +02:00

backend.h

REORG/MAJOR: use "struct channel" instead of "struct buffer"

2012-09-02 21:54:55 +02:00

channel.h

CLEANUP: channel: use "channel" instead of "buffer" in function names

2012-09-03 20:47:33 +02:00

checks.h

CLEANUP: Make check_statuses, analyze_statuses and process_chk static

2012-03-24 21:54:19 +01:00

connection.h

CLEANUP: includes: fix includes for a number of users of fd.h

2012-09-03 20:49:14 +02:00

cttproxy.h

[MEDIUM] check for cttproxy support when required

2007-03-24 17:24:39 +01:00

dumpstats.h

REORG: buffers: split buffers into chunk,buffer,channel

2012-09-03 20:47:32 +02:00

fd.h

MEDIUM: fd: add fd_poll_{recv,send} for use when explicit polling is required

2012-09-02 21:53:11 +02:00

freq_ctr.h

[MINOR] freq_ctr: add new types and functions for periods different from 1s

2010-08-10 14:01:09 +02:00

frontend.h

CLEANUP: frontend: remove the old proxy protocol decoder

2012-09-03 20:47:35 +02:00

hdr_idx.h

OPTIM/MINOR: move the hdr_idx pools out of the proxy struct

2011-10-24 18:15:04 +02:00

lb_chash.h

[MEDIUM] backend: implement consistent hashing variation

2009-10-09 07:17:58 +02:00

lb_fas.h

MEDIUM: backend: add the 'first' balancing algorithm

2012-02-21 22:27:27 +01:00

lb_fwlc.h

[CLEANUP] backend: move LB algos to individual files

2009-10-01 11:19:37 +02:00

lb_fwrr.h

[CLEANUP] backend: move LB algos to individual files

2009-10-01 11:19:37 +02:00

lb_map.h

[MINOR] lb_map: reorder code in order to ease integration of new hash functions

2009-10-01 21:11:15 +02:00

log.h

MEDIUM: log: Unique ID

2012-04-07 16:25:26 +02:00

peers.h

[CLEANUP] peers.h: fix declarations

2011-06-18 20:27:19 +02:00

pipe.h

[MEDIUM] introduce pipe pools

2009-01-25 13:49:53 +01:00

port_range.h

[MEDIUM] add support for binding to source port ranges during connect

2009-06-10 12:23:32 +02:00

proto_http.h

REORG/MAJOR: use "struct channel" instead of "struct buffer"

2012-09-02 21:54:55 +02:00

proto_tcp.h

MINOR: tcp: replace tcp_src_to_stktable_key with addr_to_stktable_key

2012-09-03 20:47:34 +02:00

proto_uxst.h

BUG/MEDIUM: stream_interface: restore get_src/get_dst

2012-05-11 16:48:10 +02:00

protocols.h

REORG/MEDIUM: move the default accept function from sockstream to protocols.c

2012-05-08 21:28:15 +02:00

proxy.h

MEDIUM: session: add support for tunnel timeouts

2012-05-12 12:50:00 +02:00

queue.h

BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend

2012-01-20 16:18:53 +01:00

raw_sock.h

CLEANUP: connection: split sock_ops into data_ops, app_cp and si_ops

2012-09-03 20:47:31 +02:00

sample.h

REORG: rename "pattern" files

2012-05-08 20:57:21 +02:00

server.h

[OPTIM] counters: move some max numbers to the counters struct

2009-10-04 23:26:19 +02:00

session.h

MAJOR: connection: make the PROXY decoder a handshake handler

2012-09-03 20:47:35 +02:00

signal.h

CLEANUP: includes: fix includes for a number of users of fd.h

2012-09-03 20:49:14 +02:00

ssl_sock.h

MEDIUM: ssl: protect against client-initiated renegociation

2012-09-03 22:03:17 +02:00

stick_table.h

REORG: use the name "sample" instead of "pattern" to designate extracted data

2012-05-08 20:57:20 +02:00

stream_interface.h

MEDIUM: proto_tcp: remove any dependence on stream_interface

2012-09-03 20:47:34 +02:00

task.h

[MAJOR] proxy: finally get rid of maintain_proxies()

2011-07-25 16:33:49 +02:00

template.h

[CLEANUP] included common/version.h everywhere

2006-06-29 18:54:54 +02:00