BUG/MAJOR: ssl: missing tests in ACL fetch functions
Baptiste Assmann observed a crash of 1.5-dev12 occuring when the ssl_sni
fetch was used with no SNI on the input connection and without a prior
has_sni check. A code review revealed several issues :
1) it was possible to call the has_sni and ssl_sni fetch functions with
a NULL data_ctx if the handshake fails or if the connection is aborted
during the handshake.
2) when no SNI is present, strlen() was called with a NULL parameter in
smp_fetch_ssl_sni().
projects / haproxy.git / commit