MEDIUM: backend: reuse connection if using a static sni

Detect if the sni used a constant value and if so, allow to reuse this connection for later sessions. Use a combination of SMP_USE_INTRN + !SMP_F_VOLATILE to consider a sample as a constant value. This features has been requested on github issue #371.
2026-05-04 20:46:11 +02:00 · 2020-10-15 16:41:09 +02:00 · 2020-10-15 16:41:09 +02:00 · 7239c24986
commit 7239c24986
parent 2f0a797631
2 changed files with 7 additions and 3 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -6646,8 +6646,9 @@ http-reuse { never | safe | aggressive | always }
    - connections made with "usesrc" followed by a client-dependent value
      ("client", "clientip", "hdr_ip") are marked private and never shared;

-    - connections sent to a server with a TLS SNI extension are marked private
-      and are never shared;
+    - connections sent to a server with a variable value as TLS SNI extension
+      are marked private and are never shared. This is not the case if the SNI
+      is guaranteed to be a constant, as for example using a literal string;

    - connections with certain bogus authentication schemes (relying on the
      connection) like NTLM are detected, marked private and are never shared;
--- a/src/backend.c
+++ b/src/backend.c
@ -1521,7 +1521,10 @@ int connect_server(struct stream *s)
 					   srv->ssl_ctx.sni, SMP_T_STR);
 		if (smp_make_safe(smp)) {
 			ssl_sock_set_servername(srv_conn, smp->data.u.str.area);
-			conn_set_private(srv_conn);
+			if (!(srv->ssl_ctx.sni->fetch->use & SMP_USE_INTRN) ||
+			    smp->flags & SMP_F_VOLATILE) {
+				conn_set_private(srv_conn);
+			}
 		}
 	}
 #endif /* USE_OPENSSL */