mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 14:21:25 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: server: alloc dynamic srv ssl ctx if proxy uses ssl chk rule

Browse Source 
The ssl context is not initialized for a dynamic server, even if there
is a tcpcheck rule which uses ssl on the related backed. This will cause
the check initialization to failed with the message :
  "Out of memory when initializing an SSL connection"

This can be reproduced by having the following config in the backend :
  option tcp-check
  tcp-check connect ssl
and create a dynamic server with check activated and a ca-file.

Fix this by calling the prepare_srv xprt callback when the proxy options
PR_O_TCPCKH_SSL is set.

Check support for dynamic servers has been merged in the current branch.
No backport needed.
This commit is contained in:
Amaury Denoyelle 2021-09-20 15:31:42 +02:00
parent 0f456d5029
commit b621552ca3
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/server.c
View File

@ -4563,7 +4563,7 @@ static int cli_parse_add_server(char **args, char *payload, struct appctx *appct
goto out; goto out;
} }
if (srv->use_ssl == 1) { if (srv->use_ssl == 1 || (srv->proxy->options & PR_O_TCPCHK_SSL)) {
if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv) { if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv) {
if (xprt_get(XPRT_SSL)->prepare_srv(srv)) if (xprt_get(XPRT_SSL)->prepare_srv(srv))
goto out; goto out;