MEDIUM: backend: reuse connection if using a static sni

Detect if the sni used a constant value and if so, allow to reuse this
connection for later sessions. Use a combination of SMP_USE_INTRN +
!SMP_F_VOLATILE to consider a sample as a constant value.

This features has been requested on github issue #371.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 6a90bfadbf158d3ebb7becd541961c5f9f688d53..678d2ee2672a3fb79c60a108162a628ea89a43f3 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -6646,8 +6646,9 @@ http-reuse { never | safe | aggressive | always }
     - connections made with "usesrc" followed by a client-dependent value
       ("client", "clientip", "hdr_ip") are marked private and never shared;
 
-    - connections sent to a server with a TLS SNI extension are marked private
-      and are never shared;
+    - connections sent to a server with a variable value as TLS SNI extension
+      are marked private and are never shared. This is not the case if the SNI
+      is guaranteed to be a constant, as for example using a literal string;
 
     - connections with certain bogus authentication schemes (relying on the
       connection) like NTLM are detected, marked private and are never shared;

diff --git a/src/backend.c b/src/backend.c
index 789becee25dab00eedea110a59a6f12e07dec2bb..ba642d9582cb0561bd63e6d8120d264d418396ca 100644 (file)
--- a/src/backend.c
+++ b/src/backend.c
@@ -1521,7 +1521,10 @@ int connect_server(struct stream *s)
                                           srv->ssl_ctx.sni, SMP_T_STR);
                if (smp_make_safe(smp)) {
                        ssl_sock_set_servername(srv_conn, smp->data.u.str.area);
-                       conn_set_private(srv_conn);
+                       if (!(srv->ssl_ctx.sni->fetch->use & SMP_USE_INTRN) ||
+                           smp->flags & SMP_F_VOLATILE) {
+                               conn_set_private(srv_conn);
+                       }
                }
        }
 #endif /* USE_OPENSSL */