git.kaiwu.me - haproxy.git/commit

]> git.kaiwu.me - haproxy.git/commit

projects / haproxy.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: a8ecbc4) | patch

author	Christopher Faulet <cfaulet@haproxy.com>
	Wed, 1 Dec 2021 08:50:41 +0000 (09:50 +0100)
committer	Christopher Faulet <cfaulet@haproxy.com>
	Wed, 1 Dec 2021 10:47:08 +0000 (11:47 +0100)
commit	4ab2679689c02882d9ea743ab0c458cd0c3b5388
tree	613736a088a2c88fee0e6486962bd5e0b9872a88	tree \| snapshot
parent	a8ecbc45441d0e0568af582626dfab7a28dd050c	commit \| diff

BUG/MINOR: server: Don't rely on last default-server to init server SSL context

During post-parsing stage, the SSL context of a server is initialized if SSL
is configured on the server or its default-server. It is required to be able
to enable SSL at runtime. However a regression was introduced, because the
last parsed default-server is used. But it is not necessarily the
default-server line used to configure the server. This may lead to
erroneously initialize the SSL context for a server without SSL parameter or
the skip it while it should be done.

The problem is the default-server used to configure a server is not saved
during configuration parsing. So, the information is lost during the
post-parsing. To fix the bug, the SRV_F_DEFSRV_USE_SSL flag is
introduced. It is used to know when a server was initialized with a
default-server using SSL.

For the record, the commit f63704488e ("MEDIUM: cli/ssl: configure ssl on
server at runtime") has introduced the bug.

This patch must be backported as far as 2.4.

include/haproxy/server-t.h		diff \| blob \| history
reg-tests/server/cli_set_ssl.vtc		diff \| blob \| history
src/cfgparse.c		diff \| blob \| history
src/server.c		diff \| blob \| history

haproxy upstream