Re: [PATCH] MINOR: config: rhttp: Downgrade error on attach-srv name parsing

2024-05-08 Thread William Manley
On Thu, Apr 25, 2024, at 2:07 PM, Amaury Denoyelle wrote: > Sorry for the delay. We have rediscussed this issue this morning and > here is my answer on your patch. Sorry for the even larger delay in responding :). Thanks for looking at this. > It is definitely legitimate to want to be able to

Re: [PATCH] MINOR: config: rhttp: Downgrade error on attach-srv name parsing

2024-04-25 Thread Amaury Denoyelle
Hi William ! Sorry for the delay. We have rediscussed this issue this morning and here is my answer on your patch. It is definitely legitimate to want to be able to use reverse HTTP without SSL on the server line. However, the way that haproxy currently uses idle connection is that at least the

Re: [PATCH] MINOR: config: rhttp: Downgrade error on attach-srv name parsing

2024-04-12 Thread William Manley
On Fri, Apr 12, 2024, at 4:01 PM, Amaury Denoyelle wrote: > I have a doubt though, will this kind of configuration really works ? I > though that for the moment if name parameter is specified, it is > mandatory to use a server with SSL+SNI. It may be mandatory according to the RFC, but I'm not

Re: [PATCH] MINOR: config: rhttp: Downgrade error on attach-srv name parsing

2024-04-12 Thread Willy Tarreau
On Fri, Apr 12, 2024 at 05:01:07PM +0200, Amaury Denoyelle wrote: > On Fri, Apr 12, 2024 at 03:37:56PM +0200, Willy Tarreau wrote: > > Hi! > > On Fri, Apr 12, 2024 at 02:29:30PM +0100, William Manley wrote: > > > An attach-srv config line usually looks like this: > > > > tcp-request session

Re: [PATCH] MINOR: config: rhttp: Downgrade error on attach-srv name parsing

2024-04-12 Thread William Manley
On Fri, Apr 12, 2024, at 2:37 PM, Willy Tarreau wrote: > Well, I consider that any valid (and useful) configuration must be > writable without a warning. So if you have a valid use case with a > different expression, here you still have no way to express it without > the warning. In this case I'd

Re: [PATCH] MINOR: config: rhttp: Downgrade error on attach-srv name parsing

2024-04-12 Thread Amaury Denoyelle
On Fri, Apr 12, 2024 at 03:37:56PM +0200, Willy Tarreau wrote: > Hi! > On Fri, Apr 12, 2024 at 02:29:30PM +0100, William Manley wrote: > > An attach-srv config line usually looks like this: > > > tcp-request session attach-srv be/srv name ssl_c_s_dn(CN) > > > The name is a key that is used

Re: [PATCH] MINOR: config: rhttp: Downgrade error on attach-srv name parsing

2024-04-12 Thread Willy Tarreau
Hi! On Fri, Apr 12, 2024 at 02:29:30PM +0100, William Manley wrote: > An attach-srv config line usually looks like this: > > tcp-request session attach-srv be/srv name ssl_c_s_dn(CN) > > The name is a key that is used when looking up connections in the > connection pool. Without this patch

[PATCH] MINOR: config: rhttp: Downgrade error on attach-srv name parsing

2024-04-12 Thread William Manley
An attach-srv config line usually looks like this: tcp-request session attach-srv be/srv name ssl_c_s_dn(CN) The name is a key that is used when looking up connections in the connection pool. Without this patch you'd get an error if you passed anything other than "ssl_c_s_dn(CN)" as the