Hello,
This patchset is an attempt to add a new command for configure ssl on
server at runtime:
- the first patch adds the possibility to observe the change on a `show
servers state`.
- the two next ones are only here to prepare the last one to add the
command. I added them separatly to facil
in the context of a progressive migration, we want to be able to
activate SSL ciphering on outgoing connections to the server at runtime
without reloading.
This patch adds a `set server ssl` command to allow that:
- call common `srv_init_sslctx` from previous commit rework
- call `prepare_srv` to
this will be useful if we want to be able to call it at runtime through
the CLI. Not 100% mandatory but might be a good protection for future
use.
Signed-off-by: William Dauchy
---
src/ssl_sock.c | 16 +---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/ssl_sock.c
so we can reuse it later
Signed-off-by: William Dauchy
---
include/haproxy/server.h | 1 +
src/cfgparse-ssl.c | 32 +++-
src/server.c | 22 ++
3 files changed, 26 insertions(+), 29 deletions(-)
diff --git a/include/haproxy/serve
The aim is to be able to hot change `ssl` parameter for each server.
Signed-off-by: William Dauchy
---
doc/management.txt | 1 +
include/haproxy/server-t.h | 3 ++-
src/proxy.c| 5 +++--
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/doc/management.txt b/d
Hi Tim,
Thank you for your answer.
On Sun, Oct 4, 2020 at 12:46 PM Tim Düsterhus wrote:
> This commit fails to build if USE_OPENSSL is not defined.
good catch, I wrongly split my patch. fixed in v2.
--
William
Hi Tim,
Thanks for your answer.
On Sun, Oct 4, 2020 at 12:38 PM Tim Düsterhus wrote:
> > - srvrecord ? srvrecord : "-");
> > + srvrecord ? srvrecord : "-",
> > srv->use_ssl);
>
> But here you don't. From what I am seeing the line
William,
Am 03.10.20 um 23:15 schrieb William Dauchy:
> so we can reuse it later
>
> Signed-off-by: William Dauchy
> ---
> include/haproxy/server.h | 1 +
> src/cfgparse-ssl.c | 31 ++-
> src/server.c | 21 +
> 3 files changed,
William,
Am 03.10.20 um 23:15 schrieb William Dauchy:
> index 18cdf426e..fffd841f8 100644
> --- a/src/proxy.c
> +++ b/src/proxy.c
> @@ -1930,14 +1930,15 @@ static int dump_servers_state(struct stream_interface
> *si)
>"%d %s %s "
>
9 matches
Mail list logo