mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-12 18:16:58 +02:00
Code Issues Projects Releases Wiki Activity
ec5c110e2d
haproxy/reg-tests/ssl
History
Willy Tarreau 68574dd492 MEDIUM: log: add the client's SNI to the default HTTPS log format 
During a troublehooting it came obvious that the SNI always ought to
be logged on httpslog, as it explains errors caused by selection of
the default certificate (or failure to do so in case of strict-sni).

This expectation was also confirmed on the mailing list.

Since the field may be empty it appeared important not to leave an
empty string in the current format, so it was decided to place the
field before a '/' preceding the SSL version and ciphers, so that
in the worst case a missing field leads to a field looking like
"/TLSv1.2/AES...", though usually a missing element still results
in a "-" in logs.

This will change the log format for users who already deployed the
2.5-dev versions (hence the medium level) but no released version
was using this format yet so there's no harm for stable deployments.
The reg-test was updated to check for "-" there since we don't send
SNI in reg-tests.

Link: https://www.mail-archive.com/haproxy@formilux.org/msg41410.html
Cc: William Lallemand <wlallemand@haproxy.org>
2021-11-06 09:20:07 +01:00
..
add_ssl_crt-list.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
ca-auth.crt REGTEST: ssl: test the client certificate authentication 2020-04-28 22:04:13 +02:00
cert1-example.com.pem.ecdsa REGTESTS: ssl: "set ssl cert" and multi-certificates bundle 2021-04-02 15:47:17 +02:00
cert1-example.com.pem.rsa REGTESTS: ssl: "set ssl cert" and multi-certificates bundle 2021-04-02 15:47:17 +02:00
cert2-example.com.pem.ecdsa REGTESTS: ssl: "set ssl cert" and multi-certificates bundle 2021-04-02 15:47:17 +02:00
cert2-example.com.pem.rsa REGTESTS: ssl: "set ssl cert" and multi-certificates bundle 2021-04-02 15:47:17 +02:00
client1.pem MINOR: ssl: add ssl_{c,s}_chain_der fetch methods 2020-08-07 15:38:40 +02:00
client2_expired.pem REGTEST: ssl: test the client certificate authentication 2020-04-28 22:04:13 +02:00
client3_revoked.pem REGTEST: ssl: test the client certificate authentication 2020-04-28 22:04:13 +02:00
common.crt REGTEST: ssl: test "set ssl cert" with separate key / crt 2020-10-23 18:41:08 +02:00
common.key REGTEST: ssl: test "set ssl cert" with separate key / crt 2020-10-23 18:41:08 +02:00
common.pem MINOR: ssl: add ssl_{c,s}_chain_der fetch methods 2020-08-07 15:38:40 +02:00
crl-auth.pem REGTEST: ssl: test the client certificate authentication 2020-04-28 22:04:13 +02:00
del_ssl_crt-list.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
ecdsa.crt REGTEST: ssl: test "set ssl cert" with separate key / crt 2020-10-23 18:41:08 +02:00
ecdsa.key REGTEST: ssl: test "set ssl cert" with separate key / crt 2020-10-23 18:41:08 +02:00
ecdsa.pem REGTEST: ssl: test the "set ssl cert" CLI command 2019-12-19 13:51:38 +01:00
filters.crt-list REGTEST: ssl: test wildcard and multi-type + exclusions 2020-11-06 14:59:36 +01:00
interCA1_crl_empty.pem REGTESTS: ssl: Add "set/commit ssl crl-file" test 2021-05-17 10:50:24 +02:00
interCA1_crl.pem REGTESTS: ssl: Add "set/commit ssl crl-file" test 2021-05-17 10:50:24 +02:00
interCA2_crl_empty.pem REGTESTS: ssl: Add "set/commit ssl crl-file" test 2021-05-17 10:50:24 +02:00
interCA2_crl.pem REGTESTS: ssl: Add "set/commit ssl crl-file" test 2021-05-17 10:50:24 +02:00
localhost.crt-list REGTEST: ssl: pollute the crt-list file 2020-04-01 20:10:53 +02:00
new_del_ssl_cafile.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
new_del_ssl_crlfile.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
README MINOR: reg-tests: Add a few regression testing files. 2018-06-20 10:03:24 +02:00
rootCA_crl.pem REGTESTS: ssl: Add "set/commit ssl crl-file" test 2021-05-17 10:50:24 +02:00
set_cafile_client.pem REGTESTS: ssl: Add new ca-file update tests 2021-05-17 10:50:24 +02:00
set_cafile_interCA1.crt REGTESTS: ssl: Add new ca-file update tests 2021-05-17 10:50:24 +02:00
set_cafile_interCA2.crt REGTESTS: ssl: Add new ca-file update tests 2021-05-17 10:50:24 +02:00
set_cafile_rootCA.crt REGTESTS: ssl: Add new ca-file update tests 2021-05-17 10:50:24 +02:00
set_cafile_server.pem REGTESTS: ssl: Add new ca-file update tests 2021-05-17 10:50:24 +02:00
set_default_cert.crt-list BUG/MINOR: ssl: Fix update of default certificate 2021-03-26 13:06:29 +01:00
set_default_cert.pem BUG/MINOR: ssl: Fix update of default certificate 2021-03-26 13:06:29 +01:00
set_ssl_cafile.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
set_ssl_cert_bundle.vtc REGTESTS: ssl: re-enable set_ssl_cert_bundle.vtc 2021-10-14 11:06:16 +02:00
set_ssl_cert_noext.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
set_ssl_cert.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
set_ssl_crlfile.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
set_ssl_server_cert.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
show_ocsp_server.pem REGTESTS: ssl: Add "show ssl ocsp-response" test 2021-06-10 16:44:11 +02:00
show_ocsp_server.pem.issuer REGTESTS: ssl: Add "show ssl ocsp-response" test 2021-06-10 16:44:11 +02:00
show_ocsp_server.pem.ocsp REGTESTS: ssl: Add "show ssl ocsp-response" test 2021-06-10 16:44:11 +02:00
show_ocsp_server.pem.ocsp.revoked REGTESTS: ssl: Add "show ssl ocsp-response" test 2021-06-10 16:44:11 +02:00
show_ssl_ocspresponse.vtc REGTESTS: ssl: wrong feature cmd in show_ssl_ocspresponse.vtc 2021-09-30 18:45:18 +02:00
simple.crt-list BUG/MEDIUM: ssl/crt-list: correctly insert crt-list line if crt already loaded 2020-11-06 16:39:39 +01:00
ssl_client_auth.vtc REGTESTS: Remove REQUIRE_VERSION=1.6 from all tests 2021-06-11 19:21:28 +02:00
ssl_client_samples.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
ssl_crt-list_filters.vtc REGTESTS: ssl: enable ssl_crt-list_filters.vtc again 2021-09-30 15:39:59 +02:00
ssl_default_server.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
ssl_errors.vtc MEDIUM: log: add the client's SNI to the default HTTPS log format 2021-11-06 09:20:07 +01:00
ssl_frontend_samples.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
ssl_server_samples.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00
ssl_simple_crt-list.vtc CLEANUP: reg-tests: Remove obsolete no-htx parameter for reg-tests 2021-06-04 15:41:21 +02:00
wrong_ctx_storage.vtc MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size 2021-08-26 19:52:04 +02:00

README 

File list:
 - common.pem: PEM file which may be used by most of the VTC files.