Re: All "server" settings supported on "default-server" lines

Tue, 21 Mar 2017 12:10:38 -0700 



>From e6118524a2aaee921971a6be9020b75775507b52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= <flecai...@haproxy.com>
Date: Mon, 13 Mar 2017 11:54:17 +0100
Subject: [PATCH 11/31]  MINOR: server: Make 'default-server' support 'ssl'
 keyword.
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4

 This patch makes 'default-server' directive support 'ssl' setting.
 A new keyword 'no-ssl' has been added to disable this setting both
 in 'server' and 'default-server' directives.
---
 src/ssl_sock.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 2066e30..3d1e444 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6588,6 +6588,15 @@ static int srv_parse_no_force_tlsv12(char **args, int *cur_arg, struct proxy *px
 #endif
 }
 
+/* parse the "no-ssl" server keyword */
+static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
+{
+	newsrv->use_ssl = 0;
+	free(newsrv->ssl_ctx.ciphers);
+	newsrv->ssl_ctx.ciphers = NULL;
+	return 0;
+}
+
 /* parse the "no-ssl-reuse" server keyword */
 static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
 {
@@ -7472,6 +7481,7 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
 	{ "no-force-tlsv10",       srv_parse_no_force_tlsv10, 0, 1 }, /* do not force TLSv10 */
 	{ "no-force-tlsv11",       srv_parse_no_force_tlsv11, 0, 1 }, /* do not force TLSv11 */
 	{ "no-force-tlsv12",       srv_parse_no_force_tlsv12, 0, 1 }, /* do not force TLSv12 */
+	{ "no-ssl",                srv_parse_no_ssl,          0, 1 }, /* disable SSL processing */
 	{ "no-ssl-reuse",          srv_parse_no_ssl_reuse,    0, 1 }, /* disable session reuse */
 	{ "no-sslv3",              srv_parse_no_sslv3,        0, 1 }, /* disable SSLv3 */
 	{ "no-tlsv10",             srv_parse_no_tlsv10,       0, 1 }, /* disable TLSv10 */
@@ -7481,7 +7491,7 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
 	{ "send-proxy-v2-ssl",     srv_parse_send_proxy_ssl,  0, 0 }, /* send PROXY protocol header v2 with SSL info */
 	{ "send-proxy-v2-ssl-cn",  srv_parse_send_proxy_cn,   0, 0 }, /* send PROXY protocol header v2 with CN */
 	{ "sni",                   srv_parse_sni,             1, 0 }, /* send SNI extension */
-	{ "ssl",                   srv_parse_ssl,             0, 0 }, /* enable SSL processing */
+	{ "ssl",                   srv_parse_ssl,             0, 1 }, /* enable SSL processing */
 	{ "ssl-reuse",             srv_parse_ssl_reuse,       0, 1 }, /* enable session reuse */
 	{ "sslv3",                 srv_parse_sslv3,           0, 1 }, /* enable SSLv3 */
 	{ "tlsv10",                srv_parse_tlsv10,          0, 1 }, /* enable TLSv10 */
-- 
2.1.4

Reply via email to