[PATCH v2 0/4] add set server ssl command

2020-10-04 Thread William Dauchy
Hello, This patchset is an attempt to add a new command to configure ssl on server at runtime: - the first patch adds the possibility to observe the change on a `show servers state`. - the two next ones are only here to prepare the last one to add the command. I added them separately to facil

[PATCH v2 4/4] MINOR: cli/ssl: configure ssl on server at runtime

2020-10-04 Thread William Dauchy
in the context of a progressive migration, we want to be able to activate SSL ciphering on outgoing connections to the server at runtime without reloading. This patch adds a `set server ssl` command to allow that: - call common `srv_init_sslctx` from previous commit rework - call `prepare_srv` to

[PATCH v2 2/4] MINOR: ssl: protect ssl_sock_prepare_srv_ctx from double ctx allocation

2020-10-04 Thread William Dauchy
this will be useful if we want to be able to call it at runtime through the CLI. Not 100% mandatory but might be a good protection for future use. Signed-off-by: William Dauchy --- src/ssl_sock.c | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/src/ssl_sock.c

[PATCH v2 3/4] MINOR: ssl: create common ssl_ctx init

2020-10-04 Thread William Dauchy
so we can reuse it later Signed-off-by: William Dauchy --- include/haproxy/server.h | 1 + src/cfgparse-ssl.c | 32 +++- src/server.c | 22 ++ 3 files changed, 26 insertions(+), 29 deletions(-) diff --git a/include/haproxy/serve

[PATCH v2 1/4] MINOR: cli/proxy: add `srv_use_ssl` to `show servers state`

2020-10-04 Thread William Dauchy
The aim is to be able to hot change `ssl` parameter for each server. Signed-off-by: William Dauchy --- doc/management.txt | 1 + include/haproxy/server-t.h | 3 ++- src/proxy.c| 5 +++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/doc/management.txt b/d

Re: [PATCH 3/4] MINOR: ssl: create common ssl_ctx init

2020-10-04 Thread William Dauchy
Hi Tim, Thank you for your answer. On Sun, Oct 4, 2020 at 12:46 PM Tim Düsterhus wrote: > This commit fails to build if USE_OPENSSL is not defined. good catch, I wrongly split my patch. fixed in v2. -- William

Re: [PATCH 1/4] MINOR: cli/proxy: add `srv_use_ssl` to `show servers state`

2020-10-04 Thread William Dauchy
Hi Tim, Thanks for your answer. On Sun, Oct 4, 2020 at 12:38 PM Tim Düsterhus wrote: > > - srvrecord ? srvrecord : "-"); > > + srvrecord ? srvrecord : "-", > > srv->use_ssl); > > But here you don't. From what I am seeing the line

Re: [PATCH 3/4] MINOR: ssl: create common ssl_ctx init

2020-10-04 Thread Tim Düsterhus
William, On 03.10.20 at 23:15, William Dauchy wrote: > so we can reuse it later > > Signed-off-by: William Dauchy > --- > include/haproxy/server.h | 1 + > src/cfgparse-ssl.c | 31 ++- > src/server.c | 21 + > 3 files changed,

Re: [PATCH 1/4] MINOR: cli/proxy: add `srv_use_ssl` to `show servers state`

2020-10-04 Thread Tim Düsterhus
William, On 03.10.20 at 23:15, William Dauchy wrote: > index 18cdf426e..fffd841f8 100644 > --- a/src/proxy.c > +++ b/src/proxy.c > @@ -1930,14 +1930,15 @@ static int dump_servers_state(struct stream_interface > *si) >"%d %s %s " >