BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified
authorChristopher Faulet <cfaulet@haproxy.com>
Wed, 20 May 2020 20:36:24 +0000 (22:36 +0200)
committerChristopher Faulet <cfaulet@haproxy.com>
Wed, 20 May 2020 20:55:05 +0000 (22:55 +0200)
When a check port or a check address is specified, the check transport layer is
ignored, so it is impossible to perform an SSL check in this case. This bug was
introduced by the commit 8892e5d30 ("BUG/MEDIUM: server/checks: Init server
check during config validity check").

This patch should fix the issue #643. It must be backported to all branches
where the above commit was backported.

reg-tests/checks/tls_health_checks.vtc
src/checks.c

index c7e39c5fd9d90a24aa380db6459e794b1be4509f..cd9290ddd9b36b860366b078989698ff60d85e6e 100644 (file)
@@ -19,13 +19,19 @@ server s1 {
 server s2 {
 } -start
 
+server s3 {
+    rxreq
+    expect req.method == OPTIONS
+    expect req.url == *
+    expect req.proto == HTTP/1.1
+    txresp
+} -start
+
 syslog S1 -level notice {
     recv
     expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy fe1 started."
     recv info
     expect ~ "[^:\\[ ]\\[${h1_pid}\\]: .* fe1~ be1/srv1 .* 200 [[:digit:]]+ - - ---- .* \"OPTIONS \\* HTTP/1.1\""
-    recv info
-    expect ~ "[^:\\[ ]\\[${h1_pid}\\]: .* fe1~ be1/srv1 .* 504 [[:digit:]]+ - - sH-- .* \"OPTIONS \\* HTTP/1.1\""
 } -start
 
 haproxy h1 -conf {
@@ -44,6 +50,9 @@ haproxy h1 -conf {
     backend be2
         server srv2 ${s2_addr}:${s2_port}
 
+    backend be3
+        server srv3 ${s3_addr}:${s3_port}
+
     frontend fe1
         option httplog
         log ${S1_addr}:${S1_port} len 2048 local0 debug err
@@ -54,6 +63,11 @@ haproxy h1 -conf {
         option tcplog
         bind "fd@${fe2}" ssl crt ${testdir}/common.pem
         use_backend be2
+
+    frontend fe3
+        option httplog
+        bind "fd@${fe3}" ssl crt ${testdir}/common.pem
+        use_backend be3
 } -start
 
 syslog S2 -level notice {
@@ -61,8 +75,6 @@ syslog S2 -level notice {
     expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Proxy be2 started."
     recv
     expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be2/srv1 succeeded, reason: Layer7 check passed.+code: 200.+check duration: [[:digit:]]+ms, status: 1/1 UP."
-    recv
-    expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be2/srv1 failed, reason: Layer7 wrong status.+code: 504.+info: \"Gateway Time-out\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
 } -start
 
 syslog S4 -level notice {
@@ -72,6 +84,13 @@ syslog S4 -level notice {
     expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be4/srv2 succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
 } -start
 
+syslog S6 -level notice {
+    recv
+    expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Proxy be6 started."
+    recv
+    expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be6/srv3 succeeded, reason: Layer7 check passed.+code: 200.+check duration: [[:digit:]]+ms, status: 1/1 UP."
+} -start
+
 haproxy h2 -conf {
     global
         tune.ssl.default-dh-param 2048
@@ -92,10 +111,16 @@ haproxy h2 -conf {
         option log-health-checks
         log ${S4_addr}:${S4_port} daemon
         server srv2 ${h1_fe2_addr}:${h1_fe2_port} ssl crt ${testdir}/common.pem verify none check-ssl check
+
+    backend be6
+        option log-health-checks
+        option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
+        log ${S6_addr}:${S6_port} daemon
+        server srv3 127.0.0.1:80 crt ${testdir}/common.pem verify none check check-ssl port ${h1_fe3_port} addr ${h1_fe3_addr}
 } -start
 
 syslog S1 -wait
 
 syslog S2 -wait
 syslog S4 -wait
-
+syslog S6 -wait
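Review bot: The new be6 server line in the h2 config (`server srv3 127.0.0.1:80 crt ... check check-ssl port ${h1_fe3_port} addr ${h1_fe3_addr}`) is the whole point of this test — a server without `ssl` whose health check must still use TLS because `check-ssl` is combined with an explicit check port and address — but nothing in the file says so, and a later edit that adds `ssl` to the line or drops `port`/`addr` would silently stop covering the regression. A comment above the backend would pin the intent: `# be6: no 'ssl' on the server; check-ssl + explicit check port/addr must still give a TLS check (issue #643)`. The `127.0.0.1:80` address looks like a placeholder that no traffic is expected to reach; stating that in the same comment would avoid a reader taking it for a real dependency.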
index 74b0fc85f8205a213719e0c465e4ee659fe2bcf5..01a27f87e693264ec02c1dfb1f6b47c272b50139 100644 (file)
@@ -5294,6 +5294,8 @@ static int init_srv_check(struct server *srv)
                        srv->check.xprt = xprt_get(XPRT_SSL);
                srv->check.send_proxy |= (srv->pp_opts);
        }
+       else if (srv->check.use_ssl == 1)
+               srv->check.xprt = xprt_get(XPRT_SSL);
 
        /* Inherit the mux protocol from the server if not already defined for
         * the check
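Review bot: The added `else if (srv->check.use_ssl == 1)` compares against a bare tri-state value with no comment saying what `1` stands for, and the `if` it attaches to has its condition above the hunk, so the reader cannot tell from these lines why only the explicit value is handled here. A one-line comment would make the branch self-contained: `/* check-ssl was set explicitly: use TLS for the check even though it targets its own port/addr */`. Whether the `-1` (inherit from the server) case is deliberately excluded when a check port or address is given cannot be confirmed from the hunk; if it is, the comment should say so. init_srv_check begins before the hunk.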