BUG/MINOR: proto_reverse_connect: support SNI on active connect

SNI may be specified on a server line for connecting to the remote host.
This requires manually setting it on the connection via
ssl_sock_set_servername().

This step was missing when a server line was used for active reverse
HTTP. Fix this by adding the missing ssl_sock_set_servername()
invocation inside new_reverse_conn().

Note that for the moment, no session is instantiated to carry active
reverse connections. A direct consequence of this is that SNI sample
retrieval may crash if it depends on session parameters. This
should be fixed by a later commit. In the meantime, this patch is
sufficient to support simple SNI values such as constant expressions.

No need to backport.
Amaury Denoyelle 2023-11-03 11:03:49 +01:00
parent 7a1ec235cd
commit d82a6d93e2


@ -10,8 +10,10 @@
#include <haproxy/proto_tcp.h>
#include <haproxy/protocol.h>
#include <haproxy/proxy.h>
#include <haproxy/sample.h>
#include <haproxy/server.h>
#include <haproxy/sock.h>
#include <haproxy/ssl_sock.h>
#include <haproxy/task.h>
#include <haproxy/proto_reverse_connect.h>
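Review bot: the new `#include <haproxy/ssl_sock.h>` is unconditional while its only user in this file sits under `#ifdef USE_OPENSSL`; this is fine as long as that header is safe to include in a build without OpenSSL, which is worth a quick compile check on a non-SSL build (the `sample.h` include is used unconditionally through the rest of the file's sample API, so it needs no guard).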
@ -74,6 +76,18 @@ static struct connection *new_reverse_conn(struct listener *l, struct server *sr
if (conn->ctrl->connect(conn, 0) != SF_ERR_NONE)
goto err;
#ifdef USE_OPENSSL
if (srv->ssl_ctx.sni) {
struct sample *sni_smp = NULL;
/* TODO remove NULL session which can cause crash depending on the SNI sample expr used. */
sni_smp = sample_fetch_as_type(srv->proxy, NULL, NULL,
SMP_OPT_DIR_REQ | SMP_OPT_FINAL,
srv->ssl_ctx.sni, SMP_T_STR);
if (smp_make_safe(sni_smp))
ssl_sock_set_servername(conn, sni_smp->data.u.str.area);
}
#endif /* USE_OPENSSL */
if (conn_xprt_start(conn) < 0)
goto err;
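Review bot: `sample_fetch_as_type()` returns NULL when the expression cannot be evaluated or converted to a string, and the `SMP_T_STR` result here is handed straight to `smp_make_safe(sni_smp)` with no explicit NULL test; unless `smp_make_safe()` is documented to tolerate a NULL pointer, guard it as `if (sni_smp && smp_make_safe(sni_smp))` so a failed fetch (likely with the NULL session and stream passed on the line above) degrades to "no SNI" rather than a dereference. Separately, the TODO comment acknowledges that the NULL session/stream can crash sample fetches that need them, and the commit message limits support to constant expressions; until the follow-up lands, rejecting non-constant `sni` expressions on servers used for reverse connect at config-parse time would turn a runtime crash into a clear configuration error.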