mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-04-15 10:42:56 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: tcpcheck: Use tcpcheck flags to know a healthcheck uses SSL connections

Browse Source 
The proxy flag PR_O_TCPCHK_SSL is replaced by a flag on the tcpcheck
itself. When TCPCHK_FL_USE_SSL flag is set, it means the healthcheck will
use an SSL connection and the SSL xprt must be prepared for the server.
This commit is contained in:
Christopher Faulet 2026-03-26 22:54:12 +01:00
parent b58f567ff3
commit 64e3029e8b
5 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/haproxy/proxy-t.h
View File

@ -117,7 +117,7 @@ enum PR_SRV_STATE_FILE {
#define PR_O_HTTP_DROP_REQ_TRLS 0x04000000 /* Drop the request trailers when forwarding to the server */
#define PR_O_HTTP_DROP_RES_TRLS 0x08000000 /* Drop response trailers when forwarding to the client */
#define PR_O_TCPCHK_SSL 0x10000000 /* at least one TCPCHECK connect rule requires SSL */
/* unused: 0x10000000 */
#define PR_O_CONTSTATS 0x20000000 /* continuous counters */
/* unused: 0x40000000..0x80000000 */

1
include/haproxy/tcpcheck-t.h
View File

@ -108,6 +108,7 @@ enum tcpcheck_rule_type {
#define TCPCHK_FL_UNUSED_TCP_RS 0x00000001 /* An unused tcp-check ruleset exists for the current proxy */
#define TCPCHK_FL_UNUSED_HTTP_RS 0x00000002 /* An unused http-check ruleset exists for the current proxy */
#define TCPCHK_FL_UNUSED_RS 0x00000003 /* Mask for unused ruleset */
#define TCPCHK_FL_USE_SSL 0x00000004 /* tcp-check uses SSL connection */
#define TCPCHK_RULES_NONE 0x00000000
#define TCPCHK_RULES_DISABLE404 0x00000001 /* Disable a server on a 404 response wht HTTP health checks */

2
src/proxy.c
View File

@ -2542,7 +2542,7 @@ int proxy_finalize(struct proxy *px, int *err_code)
* if default-server have use_ssl, prerare ssl init
* without activating it */
if (newsrv->use_ssl == 1 || newsrv->check.use_ssl == 1 ||
(newsrv->proxy->options & PR_O_TCPCHK_SSL) ||
(newsrv->check.tcpcheck->flags & TCPCHK_FL_USE_SSL) ||
((newsrv->flags & SRV_F_DEFSRV_USE_SSL) && newsrv->use_ssl != 1)) {
if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv)
cfgerr += xprt_get(XPRT_SSL)->prepare_srv(newsrv);

2
src/server.c
View File

@ -6262,7 +6262,7 @@ static int cli_parse_add_server(char **args, char *payload, struct appctx *appct
/* ensure minconn/maxconn consistency */
srv_minmax_conn_apply(srv);
if (srv->use_ssl == 1 || (srv->proxy->options & PR_O_TCPCHK_SSL) ||
if (srv->use_ssl == 1 || (srv->check.tcpcheck->flags & TCPCHK_FL_USE_SSL) ||
srv->check.use_ssl == 1) {
if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv) {
if (xprt_get(XPRT_SSL)->prepare_srv(srv))

2
src/tcpcheck.c
View File

@ -2839,7 +2839,7 @@ struct tcpcheck_rule *parse_tcpcheck_connect(char **args, int cur_arg, struct pr
conn_opts |= TCPCHK_OPT_LINGER;
#ifdef USE_OPENSSL
else if (strcmp(args[cur_arg], "ssl") == 0) {
px->options |= PR_O_TCPCHK_SSL;
px->tcpcheck.flags |= TCPCHK_FL_USE_SSL;
conn_opts |= TCPCHK_OPT_SSL;
}
else if (strcmp(args[cur_arg], "sni") == 0) {