On Thu, Oct 29, 2020 at 01:17:56PM +0100, William Dauchy wrote:
> in the context of a progressive backend migration, we want to be able to
> activate SSL on outgoing connections to the server at runtime without
> reloading.
> This patch adds a `set server ssl` command; in order to allow that:
>
> - add `srv_use_ssl` to `show servers state` command for compatibility,
>   also update associated parsing
> - when using default-server ssl setting, and `no-ssl` on server line,
>   init SSL ctx without activating it
> - when triggering ssl API, de/activate SSL connections as requested
> - clean ongoing connections as it is done for addr/port changes, without
>   checking prior server state
>
> example config:
>
> backend be_foo
>   default-server ssl
>   server srv0 127.0.0.1:6011 weight 1 no-ssl
>
> show servers state:
>
>   5 be_foo 1 srv0 127.0.0.1 2 0 1 1 15 1 0 4 0 0 0 0 - 6011 - -1
>
> where srv0 can switch to ssl later during the runtime:
>
>   set server be_foo/srv0 ssl on
>
>   5 be_foo 1 srv0 127.0.0.1 2 0 1 1 15 1 0 4 0 0 0 0 - 6011 - 1
>
> Signed-off-by: William Dauchy <[email protected]>

Looks good. I think a VTC file which tests this feature could also be a good
idea, so we don't break this accidentally.

Thanks!

--
William Lallemand
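
Added example, not part of the original mail or of HAProxy's code: a small Python audit of `show servers state` output that lists the servers whose `srv_use_ssl` column is not `1`, to track which backends still send plaintext during a migration like the one in the commit message. The header line and the `be_bar` row are constructed sample input, and treating any value other than `1` as "SSL not active" is an assumption drawn from the two rows quoted above.

```python
# Constructed sample. The header uses HAProxy's column names, the be_foo row is
# the line quoted in the commit message, and the be_bar row is made up.
SAMPLE = """\
1
# be_id be_name srv_id srv_name srv_addr srv_op_state srv_admin_state srv_uweight srv_iweight srv_time_since_last_change srv_check_status srv_check_result srv_check_health srv_check_state srv_agent_state bk_f_forced_id srv_f_forced_id srv_fqdn srv_port srvrecord srv_use_ssl
5 be_foo 1 srv0 127.0.0.1 2 0 1 1 15 1 0 4 0 0 0 0 - 6011 - -1
6 be_bar 1 srv1 127.0.0.1 2 0 1 1 15 1 0 4 0 0 0 0 - 6012 - 1
"""


def parse_state(text):
    """Return one dict per server row, keyed by the header's column names."""
    columns, rows = None, []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "#":
            columns = fields[1:]          # header line: "# be_id be_name ..."
        elif columns is None:
            continue                      # format version line before the header
        elif len(fields) != len(columns):
            raise ValueError(f"column count mismatch: {line!r}")
        else:
            rows.append(dict(zip(columns, fields)))
    if columns is None:
        raise ValueError("no header line found")
    return rows


def plaintext_servers(text):
    """List backend/server names whose srv_use_ssl is not '1' (assumed: SSL off)."""
    rows = parse_state(text)
    # A state dump from a build without the new column must not be read as
    # "everything is fine", so fail loudly instead of returning an empty list.
    if any("srv_use_ssl" not in row for row in rows):
        raise ValueError("srv_use_ssl column missing from state output")
    return [f"{r['be_name']}/{r['srv_name']}" for r in rows
            if r["srv_use_ssl"] != "1"]


if __name__ == "__main__":
    for name in plaintext_servers(SAMPLE):
        print(f"{name}: outgoing SSL not active")
```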

