mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-29 14:50:59 +01:00
Code Issues Projects Releases Wiki Activity

MINOR: server: enable more keywords for ssl checks for dynamic servers

Browse Source 
Allow to configure ssl support for dynamic server checks independently
of the ssl server configuration. This is done via the keyword
"check-ssl". Also enable to configure the sni/alpn used for the check
via "check-sni/alpn".
This commit is contained in:
Amaury Denoyelle 2021-09-20 15:15:19 +02:00
parent b621552ca3
commit 79b90e8cd4
3 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/management.txt
View File

@ -1507,8 +1507,11 @@ add server <backend>/<server> [args]*
- backup - backup
- ca-file - ca-file
- check - check
- check-alpn
- check-proto - check-proto
- check-send-proxy - check-send-proxy
- check-sni
- check-ssl
- check-via-socks4 - check-via-socks4
- ciphers - ciphers
- ciphersuites - ciphersuites

6
src/cfgparse-ssl.c
View File

@ -1887,9 +1887,9 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
{ "allow-0rtt", srv_parse_allow_0rtt, 0, 1, 1 }, /* Allow using early data on this server */ { "allow-0rtt", srv_parse_allow_0rtt, 0, 1, 1 }, /* Allow using early data on this server */
{ "alpn", srv_parse_alpn, 1, 1, 1 }, /* Set ALPN supported protocols */ { "alpn", srv_parse_alpn, 1, 1, 1 }, /* Set ALPN supported protocols */
{ "ca-file", srv_parse_ca_file, 1, 1, 1 }, /* set CAfile to process verify server cert */ { "ca-file", srv_parse_ca_file, 1, 1, 1 }, /* set CAfile to process verify server cert */
{ "check-alpn", srv_parse_check_alpn, 1, 1, 0 }, /* Set ALPN used for checks */ { "check-alpn", srv_parse_check_alpn, 1, 1, 1 }, /* Set ALPN used for checks */
{ "check-sni", srv_parse_check_sni, 1, 1, 0 }, /* set SNI */ { "check-sni", srv_parse_check_sni, 1, 1, 1 }, /* set SNI */
{ "check-ssl", srv_parse_check_ssl, 0, 1, 0 }, /* enable SSL for health checks */ { "check-ssl", srv_parse_check_ssl, 0, 1, 1 }, /* enable SSL for health checks */
{ "ciphers", srv_parse_ciphers, 1, 1, 1 }, /* select the cipher suite */ { "ciphers", srv_parse_ciphers, 1, 1, 1 }, /* select the cipher suite */
#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
{ "ciphersuites", srv_parse_ciphersuites, 1, 1, 1 }, /* select the cipher suite */ { "ciphersuites", srv_parse_ciphersuites, 1, 1, 1 }, /* select the cipher suite */

3
src/server.c
View File

@ -4563,7 +4563,8 @@ static int cli_parse_add_server(char **args, char *payload, struct appctx *appct
goto out; goto out;
} }
if (srv->use_ssl == 1 || (srv->proxy->options & PR_O_TCPCHK_SSL)) { if (srv->use_ssl == 1 || (srv->proxy->options & PR_O_TCPCHK_SSL) ||
srv->check.use_ssl == 1) {
if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv) { if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv) {
if (xprt_get(XPRT_SSL)->prepare_srv(srv)) if (xprt_get(XPRT_SSL)->prepare_srv(srv))
goto out; goto out;