DEBUG: ssl: make sure we never change a servername on established connections

Since this case was already met previously with commit 655dec81b
("BUG/MINOR: backend: do not set sni on connection reuse"), let's make
sure that we don't change reused connection settings. This could be
generalized to most settings that are only in effect before the handshake
in fact (like set_alpn and a few other ones).

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 57cb7c7f320e1079e402bed4963c4e88e76d2bc9..1fa7374db0716a932f023bf20f85c53c6a8465a2 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6604,6 +6604,10 @@ void ssl_sock_set_servername(struct connection *conn, const char *hostname)
 
        if (!conn_is_ssl(conn))
                return;
+
+       BUG_ON(!(conn->flags & CO_FL_WAIT_L6_CONN));
+       BUG_ON(!(conn->flags & CO_FL_SSL_WAIT_HS));
+
        ctx = conn->xprt_ctx;
        s = __objt_server(conn->target);