mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 22:31:28 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: server: Make 'default-server' support 'check-ssl' keyword.

Browse Source 
This patch makes 'default-server' directive support 'check-ssl' setting
to enable SSL for health checks.
A new keyword 'no-check-ssl' has been added to disable this setting both in
'server' and 'default-server' directives.
This commit is contained in:
Frdric Lcaille 2017-03-13 10:38:04 +01:00 committed by Willy Tarreau
parent 31045e4c10
commit 340ae606af
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/ssl_sock.c
View File

@ -6532,6 +6532,16 @@ static int srv_parse_force_tlsv12(char **args, int *cur_arg, struct proxy *px, s
#endif #endif
} }
/* parse the "no-check-ssl" server keyword */
static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
{
newsrv->check.use_ssl = 0;
free(newsrv->ssl_ctx.ciphers);
newsrv->ssl_ctx.ciphers = NULL;
newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
return 0;
}
/* parse the "no-ssl-reuse" server keyword */ /* parse the "no-ssl-reuse" server keyword */
static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err) static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
{ {
@ -7361,7 +7371,7 @@ static struct bind_kw_list bind_kws = { "SSL", { }, {
*/ */
static struct srv_kw_list srv_kws = { "SSL", { }, { static struct srv_kw_list srv_kws = { "SSL", { }, {
{ "ca-file", srv_parse_ca_file, 1, 0 }, /* set CAfile to process verify server cert */ { "ca-file", srv_parse_ca_file, 1, 0 }, /* set CAfile to process verify server cert */
{ "check-ssl", srv_parse_check_ssl, 0, 0 }, /* enable SSL for health checks */ { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
{ "ciphers", srv_parse_ciphers, 1, 0 }, /* select the cipher suite */ { "ciphers", srv_parse_ciphers, 1, 0 }, /* select the cipher suite */
{ "crl-file", srv_parse_crl_file, 1, 0 }, /* set certificate revocation list file use on server cert verify */ { "crl-file", srv_parse_crl_file, 1, 0 }, /* set certificate revocation list file use on server cert verify */
{ "crt", srv_parse_crt, 1, 0 }, /* set client certificate */ { "crt", srv_parse_crt, 1, 0 }, /* set client certificate */
@ -7369,6 +7379,7 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
{ "force-tlsv10", srv_parse_force_tlsv10, 0, 0 }, /* force TLSv10 */ { "force-tlsv10", srv_parse_force_tlsv10, 0, 0 }, /* force TLSv10 */
{ "force-tlsv11", srv_parse_force_tlsv11, 0, 0 }, /* force TLSv11 */ { "force-tlsv11", srv_parse_force_tlsv11, 0, 0 }, /* force TLSv11 */
{ "force-tlsv12", srv_parse_force_tlsv12, 0, 0 }, /* force TLSv12 */ { "force-tlsv12", srv_parse_force_tlsv12, 0, 0 }, /* force TLSv12 */
{ "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
{ "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 0 }, /* disable session reuse */ { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 0 }, /* disable session reuse */
{ "no-sslv3", srv_parse_no_sslv3, 0, 0 }, /* disable SSLv3 */ { "no-sslv3", srv_parse_no_sslv3, 0, 0 }, /* disable SSLv3 */
{ "no-tlsv10", srv_parse_no_tlsv10, 0, 0 }, /* disable TLSv10 */ { "no-tlsv10", srv_parse_no_tlsv10, 0, 0 }, /* disable TLSv10 */