From 27bd6ff96dc73d17d27d1507f7b7b86fe3ff93d5 Mon Sep 17 00:00:00 2001
From: Christopher Faulet
Date: Wed, 1 Jul 2020 11:00:18 +0200
Subject: [PATCH] MINOR: connection: Set the SNI on server connections before installing the mux

If an expression is configured to set the SNI on a server connection, the connection is marked as private. To not needlessly add it in the available connection list when the mux is installed, the SNI is now set on the connection before installing the mux, just after the call to si_connect().
---
 src/backend.c | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/src/backend.c b/src/backend.c
index 324d7565a..3f6e7daa2 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -1519,6 +1519,19 @@ int connect_server(struct stream *s)
 if (err != SF_ERR_NONE)
 return err;
 
+#ifdef USE_OPENSSL
+ if (srv && srv->ssl_ctx.sni) {
+ struct sample *smp;
+
+ smp = sample_fetch_as_type(s->be, s->sess, s, SMP_OPT_DIR_REQ | SMP_OPT_FINAL,
+ srv->ssl_ctx.sni, SMP_T_STR);
+ if (smp_make_safe(smp)) {
+ ssl_sock_set_servername(srv_conn, smp->data.u.str.area);
+ srv_conn->flags |= CO_FL_PRIVATE;
+ }
+ }
+#endif /* USE_OPENSSL */
+
 /* We have to defer the mux initialization until after si_connect()
 * has been called, as we need the xprt to have been properly
 * initialized, or any attempt to recv during the mux init may
@@ -1576,21 +1589,6 @@ int connect_server(struct stream *s)
 HA_ATOMIC_UPDATE_MAX(&srv->counters.cur_sess_max, count);
 if (s->be->lbprm.server_take_conn)
 s->be->lbprm.server_take_conn(srv);
-
-#ifdef USE_OPENSSL
- if (srv->ssl_ctx.sni) {
- struct sample *smp;
-
- smp = sample_fetch_as_type(s->be, s->sess, s, SMP_OPT_DIR_REQ | SMP_OPT_FINAL,
- srv->ssl_ctx.sni, SMP_T_STR);
- if (smp_make_safe(smp)) {
- ssl_sock_set_servername(srv_conn,
- smp->data.u.str.area);
- srv_conn->flags |= CO_FL_PRIVATE;
- }
- }
-#endif /* USE_OPENSSL */
-
 }
 
 /* Now handle synchronously connected sockets. We know the stream-int
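Review bot: In the added `#ifdef USE_OPENSSL` block, both `ssl_sock_set_servername()` and `srv_conn->flags |= CO_FL_PRIVATE` sit inside `if (smp_make_safe(smp))`, so when the configured expression yields no usable string the connection continues with no SNI and without the private mark, which differs from the commit message's statement that a configured SNI expression makes the connection private. If that fall-through is intended, say so at the inner `if` with a comment such as `/* no usable SNI value: nothing is set and the connection is not marked private */`; if it is not, move the `CO_FL_PRIVATE` assignment out of the inner `if` so it depends only on `srv->ssl_ctx.sni`. The result of `sample_fetch_as_type()` is also passed to `smp_make_safe()` without a check, so it is worth confirming that helper accepts a NULL sample (its definition is not visible here). The body of connect_server() starts before and continues after this hunk.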