[SOLVED] HAProxy front end SSL certificate limit?

[akron]

# opnsense-patch -c plugins 00151b8

This is better...

Right, so it seems I'm getting the same error again..

[fraenki]

I know I'm late to the party... I'll try to prepare a fix later today, requires a few code changes and tests.


Regards
- Frank

[akron]

I know I'm late to the party... I'll try to prepare a fix later today, requires a few code changes and tests.


Regards
- Frank

Thanks no worries 

[franco]

According to the manual "crl" argument also takes directories, that seems to be the only solution of of this long line debacle.

[fraenki]

According to the manual "crl" argument also takes directories, that seems to be the only solution of of this long line debacle.

No, actually crt-list makes more sense in this case, IMHO.
http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#crt-list

I'm working on this right now.


Regards
- Frank

[akron]

According to the manual "crl" argument also takes directories, that seems to be the only solution of of this long line debacle.

I have never used HAproxy before and I'm not trying to be greedy or anything or wanting infinite ssl certificates with one system.

I am just short in public IPs, only one in fact and wanted to see if I could deploy further SSLs in one box.

OPNsense has been choice number one here after ditching UTM and pfsense and so far is the best traffic eater Firewall appliance i ever seen   

Cheers

[fraenki]

The fix is ready for testing:

Code: [Select]

opnsense-patch -c plugins 6a82b37
For reference: https://github.com/opnsense/plugins/pull/209


Regards
- Frank

[akron]

The fix is ready for testing:

Code: [Select]

opnsense-patch -c plugins 6a82b37
For reference: https://github.com/opnsense/plugins/pull/209


Regards
- Frank

Nice one fraenki is working now  Thanks for this

will this be shipped in future releases or we need to always patch  ?

Thanks both for the help

Cheers

[akron]

The fix is ready for testing:

Code: [Select]

opnsense-patch -c plugins 6a82b37
For reference: https://github.com/opnsense/plugins/pull/209


Regards
- Frank

Also where can I contribute or buy you guys a beer..?

[fraenki]

will this be shipped in future releases or we need to always patch  ?

It will be available in 17.7.1 (at the latest).

Also where can I contribute or buy you guys a beer..?

You're always welcome to report issues, suggest enhancements or even provide some fixes:
https://github.com/opnsense/core/issues
https://github.com/opnsense/plugins/issues

On the other hand, the OPNsense projects welcomes donations too:
https://opnsense.org/donate/

Thanks for reporting this issue!


Regards
- Frank

[akron]

will this be shipped in future releases or we need to always patch  ?

It will be available in 17.7.1 (at the latest).

Also where can I contribute or buy you guys a beer..?

You're always welcome to report issues, suggest enhancements or even provide some fixes:
https://github.com/opnsense/core/issues
https://github.com/opnsense/plugins/issues

On the other hand, the OPNsense projects welcomes donations too:
https://opnsense.org/donate/

Thanks for reporting this issue!


Regards
- Frank

Donated

Thank you

[franco]

Yay, thanks to both of you!

We'll add this for 17.7.1, we want to play it safe for 17.7.


Cheers,
Franco