MINOR: server: enable more keywords for ssl checks for dynamic servers

Allow to configure ssl support for dynamic server checks independently
of the ssl server configuration. This is done via the keyword
"check-ssl". Also enable to configure the sni/alpn used for the check
via "check-sni/alpn".

diff --git a/doc/management.txt b/doc/management.txt
index a7130716985fc9248ccf07b0345b3f47f7608182..254f604e7c390bfee94126792466f2168eef5083 100644 (file)
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -1507,8 +1507,11 @@ add server <backend>/<server> [args]*
   - backup
   - ca-file
   - check
+  - check-alpn
   - check-proto
   - check-send-proxy
+  - check-sni
+  - check-ssl
   - check-via-socks4
   - ciphers
   - ciphersuites

diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 0ca8cab3196733e203116d83e558cfa9980f8884..09bcc64f728d6f3b6b15773b64609cb95317d956 100644 (file)
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -1887,9 +1887,9 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
        { "allow-0rtt",              srv_parse_allow_0rtt,         0, 1, 1 }, /* Allow using early data on this server */
        { "alpn",                    srv_parse_alpn,               1, 1, 1 }, /* Set ALPN supported protocols */
        { "ca-file",                 srv_parse_ca_file,            1, 1, 1 }, /* set CAfile to process verify server cert */
-       { "check-alpn",              srv_parse_check_alpn,         1, 1, 0 }, /* Set ALPN used for checks */
-       { "check-sni",               srv_parse_check_sni,          1, 1, 0 }, /* set SNI */
-       { "check-ssl",               srv_parse_check_ssl,          0, 1, 0 }, /* enable SSL for health checks */
+       { "check-alpn",              srv_parse_check_alpn,         1, 1, 1 }, /* Set ALPN used for checks */
+       { "check-sni",               srv_parse_check_sni,          1, 1, 1 }, /* set SNI */
+       { "check-ssl",               srv_parse_check_ssl,          0, 1, 1 }, /* enable SSL for health checks */
        { "ciphers",                 srv_parse_ciphers,            1, 1, 1 }, /* select the cipher suite */
 #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
        { "ciphersuites",            srv_parse_ciphersuites,       1, 1, 1 }, /* select the cipher suite */

diff --git a/src/server.c b/src/server.c
index a39569ea15bd48150cd549a4e64f880bb11ae3e7..96c71fb5127e539d87b3fb212e849a5e382a55cf 100644 (file)
--- a/src/server.c
+++ b/src/server.c
@@ -4563,7 +4563,8 @@ static int cli_parse_add_server(char **args, char *payload, struct appctx *appct
                goto out;
        }
 
-       if (srv->use_ssl == 1 || (srv->proxy->options & PR_O_TCPCHK_SSL)) {
+       if (srv->use_ssl == 1 || (srv->proxy->options & PR_O_TCPCHK_SSL) ||
+           srv->check.use_ssl == 1) {
                if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv) {
                        if (xprt_get(XPRT_SSL)->prepare_srv(srv))
                                goto out;