Hello,

This patchset is an attempt to add a new command to configure ssl on server at runtime:
- the first patch is a simple preparation work
- the second one is adding the new command. Now that I understand how ssl backend connections are initialized, I changed it to: init SSL connection at startup. The command is only here to de/activate the SSL connection.

Remaining questions/comments:
- to follow up the work done on `show stats` with weight done by Willy, I was thinking to display use_ssl in that command as well, completely removing the use of `show servers state` for our own use case. Would you accept such a patch?
- I took the liberty to allow the command regardless of the server state to be coherent with addr/port change. I also clean connections each time we trigger the command.

---
changed in v2:
- patch1/4: reorder parameters to match format string
- patch3/4: reorder includes, error introduced while splitting my patch.

changed in v3:
- reorg to allow build without USE_OPENSSL

changed in v4:
- init SSL ctx at process startup as it could not work because SSL functions are accessing filesystem
- slightly change no-ssl keyword behaviour to allow SSL connection init, when being used with a default-server ssl setting

William Dauchy (2):
  MINOR: ssl: create common ssl_ctx init
  MEDIUM: cli/ssl: configure ssl on server at runtime

 doc/configuration.txt                         |  4 ++
 doc/management.txt                            |  4 ++
 include/haproxy/server-t.h                    |  7 ++-
 include/haproxy/ssl_sock.h                    |  1 +
 .../checks/1be_40srv_odd_health_checks.vtc    |  2 +-
 .../checks/40be_2srv_odd_health_checks.vtc    |  2 +-
 reg-tests/checks/4be_1srv_health_checks.vtc   |  6 +-
 src/cfgparse-ssl.c                            | 59 +++++++++----------
 src/cfgparse.c                                |  9 ++-
 src/proxy.c                                   |  5 +-
 src/server.c                                  | 41 ++++++++++++-
 src/ssl_sock.c                                | 17 ++++++
 12 files changed, 111 insertions(+), 46 deletions(-)

--
2.28.0

