This is one more patch for the bump-ssl-server-first feature.
This handles most of Amos' comments and allows use of the old ssl_bump syntax:
ssl_bump allow/deny acl ...
This patch tries to implement the following rules:
1. Convert allow to client-first, with a deprecation warning. One
such warning per config.
2. Convert deny to none, with a deprecation warning. One such warning
per config.
3. If there was a conversion, make the implicit negation rule
explicit by adding either "none all" or "client-first all" as
appropriate. Emit a warning specifying which rule has been added. This
will need to be done after the entire configuration has been parsed, of
course. It uses the rrFinalizeConfig Runner.
4. Issue a fatal error if a mixture of old and new keywords is found.
I am attaching two patches here. The first is the changes over the
original bump-ssl-server-first patch, which was requested by Amos. And the
second is the final patch.
Regards,
Christos
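
The four rules above, modelled as an added Python example; this is not code from the attached patches or from Squid. Assumptions: `server-first` is accepted as a new keyword (taken from the feature name), "as appropriate" means the added rule is the opposite of the last converted rule, and the warning texts, function names and sample config are constructed.

```python
OLD_TO_NEW = {"allow": "client-first", "deny": "none"}
NEW_MODES = {"client-first", "server-first", "none"}  # server-first: assumed


class ConfigError(Exception):
    """Stands in for the fatal configuration error of rule 4."""


def migrate_ssl_bump(lines):
    """Return (rules, warnings) for the ssl_bump lines of one config."""
    rules, warnings, warned = [], [], set()
    saw_old = saw_new = False
    for lineno, line in enumerate(lines, 1):
        tokens = line.split("#", 1)[0].split()
        if len(tokens) < 2 or tokens[0] != "ssl_bump":
            continue  # not an ssl_bump rule
        action, acls = tokens[1], tokens[2:]
        if action in OLD_TO_NEW:
            saw_old = True
            if action not in warned:  # rules 1-2: one warning per config
                warned.add(action)
                warnings.append(
                    f"'ssl_bump {action}' is deprecated, "
                    f"use 'ssl_bump {OLD_TO_NEW[action]}'")
            action = OLD_TO_NEW[action]
        elif action in NEW_MODES:
            saw_new = True
        else:
            raise ConfigError(f"line {lineno}: unknown mode {action!r}")
        if saw_old and saw_new:  # rule 4: no mixing of syntaxes
            raise ConfigError(f"line {lineno}: old and new keywords mixed")
        rules.append((action, acls))
    # Rule 3 runs only after the whole config has been parsed.
    if saw_old:
        implicit = "none" if rules[-1][0] == "client-first" else "client-first"
        rules.append((implicit, ["all"]))
        warnings.append(f"added implicit rule 'ssl_bump {implicit} all'")
    return rules, warnings


# Constructed sample config using only the old syntax.
SAMPLE = ["acl banks dstdomain .bank.example",
          "ssl_bump deny banks",
          "ssl_bump allow internal",
          "ssl_bump allow partners"]

if __name__ == "__main__":
    for item in migrate_ssl_bump(SAMPLE):
        print(item)
```

With the sample, traffic that matches none of the listed ACLs ends up under an explicit `none all` rule, so what happens to unmatched connections is visible in the converted rule list.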
This archive was generated by hypermail 2.2.0 : Tue Jul 17 2012 - 12:00:03 MDT