Hi,
This patch depend of " [Patches] TLS methods configuration reworked »..
Actually it will only work with BoringSSL because haproxy use a special ssl_sock_switchctx_cbk
with a BoringSSL callback to select certificat before any handshake negotiation.
This feature (and others depend of this ssl_sock_switchctx_cbk) could work with openssl 1.1.1 and
the new callback https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_early_cb.html.
++
Manu
This patch depend of " [Patches] TLS methods configuration reworked »..
Actually it will only work with BoringSSL because haproxy use a special ssl_sock_switchctx_cbk
with a BoringSSL callback to select certificat before any handshake negotiation.
This feature (and others depend of this ssl_sock_switchctx_cbk) could work with openssl 1.1.1 and
the new callback https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_early_cb.html.
++
Manu