William Lallemand
William Lallemand
I think it's doable, there is a function SSL_get0_verified_chain() provided by OpenSSL which can return the verified chain of the client, I never used it, but I think that could...
merged since 2.6, closing.
Okay that's not the same error at all. This type of errors doesn't seem to be ignored, we'll have to rework the resolvers_finalize_config... :(
I'll work on a fix, thanks for the report.
The patch above should fix your problem.
Hi @shadyabhi, thanks for your proposal, there are minor issues but nothing difficult to fix! Your ssl_sock_get_verified_chain_root() function is not doing things right in my opinion, in a STACK_OF(X509) the...
@shadyabhi any update on this? do you need help?
Thank you, I pushed the patch to master. > I've added the test as well. However, I don't like how it is written. For the cert `client1.pem` in the test...
> @wlallemand Great, happy to contribute. I'll keep looking for opportunities around the next one. :) Thanks! We are always happy to have external contribution, HAProxy wouldn't be that powerful...
looks like you are using https://github.com/acmesh-official/acme.sh/pull/4581, please report there. It was fixed in the PR. The problem only exists with DEPLOY_HAPROXY_HOT_UPDATE=yes.