Re: [PATCH] Support bump-ssl-server-first and mimic SSL server certificates

From: Tsantilas Christos <chtsanti_at_users.sourceforge.net>
Date: Mon, 16 Jul 2012 19:15:54 +0300

This is one more patch for the bump-ssl-server-first feature.
It handles most of Amos' comments and allows use of the old ssl_bump syntax:
  ssl_bump allow/deny acl ...

This patch tries to implement the following rules:
   1. Convert allow to client-first, with a deprecation warning. One
such warning per config.
   2. Convert deny to none, with a deprecation warning. One such warning
per config.
   3. If there was a conversion, make the implicit negation rule
explicit by adding either "none all" or "client-first all" as
appropriate. Emit a warning specifying which rule has been added. This
will need to be done after the entire configuration has been parsed, of
course. It uses the rrFinalizeConfig Runner.
   4. Issue a fatal error if a mixture of old and new keywords is found.

I am attaching two patches here. The first is the changes over the
original bump-ssl-server-first patch, which were requested by Amos. And the
second is the final patch.

Regards,
   Christos

Received on Mon Jul 16 2012 - 16:17:05 MDT
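
The four conversion rules listed in the message above, written out as a standalone config converter. This is an added example, not code from the patch or from Squid: `convert_ssl_bump` and the sample ACL names are hypothetical, and it assumes that "as appropriate" in rule 3 means the opposite of the last deprecated rule, as with Squid's other access lists.

```python
OLD_TO_NEW = {"allow": "client-first", "deny": "none"}  # rules 1 and 2
NEW_ACTIONS = {"client-first", "server-first", "none"}

def convert_ssl_bump(conf_text):
    """Hypothetical helper: return (lines, warnings); ValueError on rule 4."""
    out, warnings, warned = [], [], set()
    last_old, saw_new = None, False
    for raw in conf_text.splitlines():
        parts = raw.split()
        if len(parts) < 2 or parts[0] != "ssl_bump":
            out.append(raw)  # other directives and comments pass through
            continue
        action, acls = parts[1], parts[2:]
        if action in OLD_TO_NEW:
            last_old = action
            if action not in warned:  # one warning per keyword per config
                warned.add(action)
                warnings.append(f"deprecated 'ssl_bump {action}' converted "
                                f"to 'ssl_bump {OLD_TO_NEW[action]}'")
            action = OLD_TO_NEW[action]
        elif action in NEW_ACTIONS:
            saw_new = True
        else:
            raise ValueError(f"unknown ssl_bump action: {action}")
        if last_old and saw_new:  # rule 4: fatal, regardless of order
            raise ValueError("ssl_bump mixes old and new keywords")
        out.append(" ".join(["ssl_bump", action, *acls]))
    if last_old:
        # Rule 3 runs only after the whole config is parsed. Assumption: the
        # implicit rule is the opposite of the last deprecated rule.
        implicit = "none" if last_old == "allow" else "client-first"
        out.append(f"ssl_bump {implicit} all")
        warnings.append(f"implicit rule made explicit: 'ssl_bump {implicit} all'")
    return out, warnings

# Constructed sample config in the old syntax (ACL names are made up).
SAMPLE = """\
acl bump_sites dstdomain .example.com
ssl_bump allow bump_sites
ssl_bump allow more_sites
ssl_bump deny internal_dst
"""

if __name__ == "__main__":
    lines, warns = convert_ssl_bump(SAMPLE)
    print("\n".join(lines))
    for w in warns:
        print("WARNING:", w)
```

Running it on the sample shows why rule 3 matters when reviewing a migrated config: the old rules end in `deny`, so the previously implicit "bump everything else" default becomes a visible `ssl_bump client-first all` line.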
