mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-20 21:31:28 +02:00
Code Issues Projects Releases Wiki Activity

OPTIM: proto_rhttp: Don't set SNI for non-ssl connections

Browse Source 
There is no reason to set the SNI for non-ssl connections. It is not really
an issue because ssl_sock_set_servername() function will do nothing. But
there is no reason to uselessly evaluate an expression.

No backport needed, because there is no bug.
This commit is contained in:
Christopher Faulet 2025-09-03 16:47:00 +02:00
parent 52866349a1
commit ef07d3511a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/proto_rhttp.c
View File

@ -98,7 +98,7 @@ static struct connection *new_reverse_conn(struct listener *l, struct server *sr
goto err; goto err;
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
if (srv->ssl_ctx.sni) { if (conn_is_ssl(conn) && srv->ssl_ctx.sni) {
struct sample *sni_smp = NULL; struct sample *sni_smp = NULL;
/* TODO remove NULL session which can cause crash depending on the SNI sample expr used. */ /* TODO remove NULL session which can cause crash depending on the SNI sample expr used. */
sni_smp = sample_fetch_as_type(srv->proxy, sess, NULL, sni_smp = sample_fetch_as_type(srv->proxy, sess, NULL,