9b25982716
The CRT and CA verify error codes were stored in 6 bits each in the xprt_st field of the ssl_sock_ctx meaning that only error code up to 63 could be stored. Likewise, the ca-ignore-err and crt-ignore-err options relied on two unsigned long longs that were used as bitfields for all the ignored error codes. On the latest OpenSSL1.1.1 and with OpenSSLv3 and newer, verify errors have exceeded this value so these two storages must be increased. The error codes will now be stored on 7 bits each and the ignore-err bitfields are replaced by a big enough array and dedicated bit get and set functions. It can be backported on all stable branches. [wla: let it be tested a little while before backport] Signed-off-by: William Lallemand <wlallemand@haproxy.org>