From 6d3c3c78719cdd2bd0b271c2ef25b53e47e2d8d2 Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Wed, 3 Sep 2025 14:28:58 +0200 Subject: [PATCH] BUG/MINOR: check: ensure check-reuse is compatible with SSL SSL may be activated implicitely if a server relies on SSL, even without check-ssl keyword. This is performed by init_srv_check() function. The main operation is to change xprt layer for check to SSL. Prior to this patch, check member was also set, despite not strictly necessary. This has a negative side-effect of rendering check-reuse-pool ineffective. Indeed, reuse on check is only performed if no specific check configuration has been specified (see tcpcheck_use_nondefault_connect()). This patch fixes check reuse with SSL : is not set in case SSL is inherited implicitely from server configuration. Thus, is now only set if an explicit check-ssl keyword is set, which disables connection reuse for check. This must be backported up to 3.2. --- src/check.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/check.c b/src/check.c index 186ddb019..03c85613f 100644 --- a/src/check.c +++ b/src/check.c @@ -1814,10 +1814,8 @@ int init_srv_check(struct server *srv) * specified. */ if (!srv->check.port && !is_addr(&srv->check.addr)) { - if (!srv->check.use_ssl && srv->use_ssl != -1) { - srv->check.use_ssl = srv->use_ssl; - srv->check.xprt = srv->xprt; - } + if (!srv->check.use_ssl && srv->use_ssl != -1) + srv->check.xprt = srv->xprt; else if (srv->check.use_ssl == 1) srv->check.xprt = xprt_get(XPRT_SSL); srv->check.send_proxy |= (srv->pp_opts);