diff --git a/include/haproxy/server.h b/include/haproxy/server.h index 99d26ba0d..b7195cbd2 100644 --- a/include/haproxy/server.h +++ b/include/haproxy/server.h @@ -62,6 +62,7 @@ struct server *new_server(struct proxy *proxy); void srv_take(struct server *srv); struct server *srv_drop(struct server *srv); int srv_init_per_thr(struct server *srv); +void srv_set_ssl(struct server *s, int use_ssl); /* functions related to server name resolution */ int srv_prepare_for_resolution(struct server *srv, const char *hostname); diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h index f3afe617b..2fdf8e226 100644 --- a/include/haproxy/ssl_sock.h +++ b/include/haproxy/ssl_sock.h @@ -73,7 +73,6 @@ const char *ssl_sock_get_proto_version(struct connection *conn); int ssl_sock_parse_alpn(char *arg, char **alpn_str, int *alpn_len, char **err); void ssl_sock_set_alpn(struct connection *conn, const unsigned char *, int); void ssl_sock_set_servername(struct connection *conn, const char *hostname); -void ssl_sock_set_srv(struct server *s, signed char use_ssl); int ssl_sock_get_cert_used_sess(struct connection *conn); int ssl_sock_get_cert_used_conn(struct connection *conn); diff --git a/src/server.c b/src/server.c index 5d6e4b138..73454bc4f 100644 --- a/src/server.c +++ b/src/server.c @@ -36,7 +36,6 @@ #include #include #include -#include #include #include #include @@ -1977,7 +1976,25 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src) } } } -#endif + +/* Activate ssl on server . + * do nothing if there is no change to apply + * + * Must be called with the server lock held. + */ +void srv_set_ssl(struct server *s, int use_ssl) +{ + if (s->use_ssl == use_ssl) + return; + + s->use_ssl = use_ssl; + if (s->use_ssl) + s->xprt = xprt_get(XPRT_SSL); + else + s->xprt = s->check.xprt = s->agent.xprt = xprt_get(XPRT_RAW); +} + +#endif /* USE_OPENSSL */ /* * Prepare for hostname resolution. @@ -4144,9 +4161,9 @@ static int cli_parse_set_server(char **args, char *payload, struct appctx *appct HA_SPIN_LOCK(SERVER_LOCK, &sv->lock); if (strcmp(args[4], "on") == 0) { - ssl_sock_set_srv(sv, 1); + srv_set_ssl(sv, 1); } else if (strcmp(args[4], "off") == 0) { - ssl_sock_set_srv(sv, 0); + srv_set_ssl(sv, 0); } else { HA_SPIN_UNLOCK(SERVER_LOCK, &sv->lock); cli_err(appctx, "'set server ssl' expects 'on' or 'off'.\n"); diff --git a/src/server_state.c b/src/server_state.c index b9ae9edac..a831d5710 100644 --- a/src/server_state.c +++ b/src/server_state.c @@ -26,7 +26,6 @@ #include #include #include -#include #include #include @@ -447,7 +446,7 @@ static void srv_state_srv_update(struct server *srv, int version, char **params) /* configure ssl if connection has been initiated at startup */ if (srv->ssl_ctx.ctx != NULL) - ssl_sock_set_srv(srv, use_ssl); + srv_set_ssl(srv, use_ssl); #endif } diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 8f7000d07..ae28bca0d 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -7696,22 +7696,6 @@ static void __ssl_sock_deinit(void) BIO_meth_free(ha_meth); } -/* Activate ssl on server . - * do nothing if there is no change to apply - * - * Must be called with the server lock held. - */ -void ssl_sock_set_srv(struct server *s, signed char use_ssl) -{ - if (s->use_ssl == use_ssl) - return; - - s->use_ssl = use_ssl; - if (s->use_ssl == 1) - s->xprt = &ssl_sock; - else - s->xprt = s->check.xprt = s->agent.xprt = xprt_get(XPRT_RAW); -} /* * Local variables: