@swim2birds wrote:
I have a very generic simple configuration like this:
use_backend static unless { ssl_c_verify 0 } use_backend dotwebha-http-10600 if { ssl_c_used } # fall-through to holding page default_backend staticThe ssl_c_verify doesn’t seem to do anything. If I comment it out it has no effect whether or not you supply a cert.
vru-ws-webtest-b2buat:/# /usr/rbin/haproxy -vv HA-Proxy version 1.5.18 2016/05/10 Copyright 2000-2016 Willy Tarreau <willy@haproxy.org> Build options : TARGET = solaris CPU = generic CC = gcc CFLAGS = -m32 -O2 -g -fno-strict-aliasing -fomit-frame-pointer -DFD_SETSIZE=65536 -D_REENTRANT OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.3 Compression algorithms supported : identity, deflate, gzip Built with OpenSSL version : OpenSSL 1.0.2j 26 Sep 2016 Running on OpenSSL version : OpenSSL 1.0.2j 26 Sep 2016 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built without PCRE support (using libc's regex instead) Available polling systems : poll : pref=200, test result OK select : pref=150, test result OK Total: 2 (2 usable), will use poll. vru-ws-webtest-b2buat:/# uname -a SunOS vru-ws-webtest-b2buat 5.10 Generic_Virtual sun4v sparc sun4v vru-ws-webtest-b2buat:/#
Posts: 4
Participants: 2