short status, code; /* check result, check code */
unsigned short port; /* the port to use for the health checks */
char desc[HCHK_DESC_LEN]; /* health check description */
- int use_ssl; /* use SSL for health checks */
+ char use_ssl; /* use SSL for health checks (1: on, 0: server mode, -1: off) */
int send_proxy; /* send a PROXY protocol header with checks */
struct list *tcpcheck_rules; /* tcp-check send / expect rules */
struct tcpcheck_rule *current_step; /* current step when using tcpcheck */
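Review bot: The new `char use_ssl;` field stores -1, but plain `char` has implementation-defined signedness, so on targets where it is unsigned the "off" state is held as 255. The comparisons visible in this commit (`== 1`, `!chk->use_ssl`) still behave, but any `== -1` or `< 0` test elsewhere would silently fail and misread whether TLS was explicitly turned off. Declare it `signed char use_ssl;` here, and likewise for `use_ssl` in the server structure in the next hunk. The two field comments also describe 0 differently ("server mode" versus "disabled"), so one shared wording for the three states would help. Both structure definitions start and end outside their hunks.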
enum obj_type obj_type; /* object type == OBJ_TYPE_SERVER */
enum srv_state next_state, cur_state; /* server state among SRV_ST_* */
enum srv_admin next_admin, cur_admin; /* server maintenance status : SRV_ADMF_* */
- unsigned char use_ssl; /* ssl enabled */
+ char use_ssl; /* ssl enabled (1: on, 0: disabled, -1 forced off) */
unsigned int pp_opts; /* proxy protocol options (SRV_PP_*) */
struct server *next;
int cklen; /* the len of the cookie, to speed up checks */
}
/* this will also properly set the transport layer for prod and checks */
- if (newsrv->use_ssl || newsrv->check.use_ssl) {
+ if (newsrv->use_ssl == 1 || newsrv->check.use_ssl == 1 || (newsrv->proxy->options & PR_O_TCPCHK_SSL)) {
if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv)
cfgerr += xprt_get(XPRT_SSL)->prepare_srv(newsrv);
}
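Review bot: The three-part condition on the changed line, `newsrv->use_ssl == 1 || newsrv->check.use_ssl == 1 || (newsrv->proxy->options & PR_O_TCPCHK_SSL)`, is repeated by hand in the later hunk that calls `destroy_srv`. The two must stay identical, or an SSL context is prepared without being torn down (or the reverse). A small helper used at both sites, for example `static inline int srv_needs_ssl(const struct server *s)`, would keep them in step. The peers hunk tests only `p->srv->use_ssl == 1`; a one-line comment there saying why the check and proxy options do not apply would answer the obvious question. The enclosing function starts and ends outside this hunk.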
p = curpeers->remote;
while (p) {
if (p->srv) {
- if (p->srv->use_ssl && xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv)
+ if (p->srv->use_ssl == 1 && xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv)
cfgerr += xprt_get(XPRT_SSL)->prepare_srv(p->srv);
}
p = p->next;
default:
/* good connection is enough for pure TCP check */
if (!(conn->flags & CO_FL_WAIT_XPRT) && !check->type) {
- if (check->use_ssl)
+ if (check->use_ssl == 1)
set_server_check_status(check, HCHK_STATUS_L6OK, NULL);
else
set_server_check_status(check, HCHK_STATUS_L4OK, NULL);
if (check->result == CHK_RES_UNKNOWN) {
/* good connection is enough for pure TCP check */
if (!(conn->flags & CO_FL_WAIT_XPRT) && !check->type) {
- if (check->use_ssl)
+ if (check->use_ssl == 1)
set_server_check_status(check, HCHK_STATUS_L6OK, NULL);
else
set_server_check_status(check, HCHK_STATUS_L4OK, NULL);
* default, unless one is specified.
*/
if (!chk->port && !is_addr(&chk->addr)) {
- chk->use_ssl |= (srv->use_ssl || (srv->proxy->options & PR_O_TCPCHK_SSL));
+ if (!chk->use_ssl)
+ chk->use_ssl = srv->use_ssl;
chk->send_proxy |= (srv->pp_opts);
}
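Review bot: The replacement lines `if (!chk->use_ssl) chk->use_ssl = srv->use_ssl;` no longer fold `PR_O_TCPCHK_SSL` into `chk->use_ssl`. Code that tests `check->use_ssl == 1` (the L6OK/L4OK status choice and the `srv->check.xprt = &ssl_sock` assignment in other hunks) therefore no longer sees the proxy-level option. Whether the tcp-check connect path selects the SSL transport on its own is not visible here; if it does not, such checks would go out in cleartext, so this is worth confirming with a test. A comment on the new lines would also help: `/* -1 (no-check-ssl) is kept as is; 0 inherits the server's value, including -1 from no-ssl */`. The enclosing function starts and ends outside the hunk.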
free(s->available_conns);
free(s->curr_idle_thr);
- if (s->use_ssl || s->check.use_ssl) {
+ if (s->use_ssl == 1 || s->check.use_ssl == 1 || (s->proxy->options & PR_O_TCPCHK_SSL)) {
if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->destroy_srv)
xprt_get(XPRT_SSL)->destroy_srv(s);
}
return cfgerr;
}
}
- if (srv->use_ssl)
+ if (srv->use_ssl == 1)
srv->xprt = &ssl_sock;
- if (srv->check.use_ssl)
+ if (srv->check.use_ssl == 1)
srv->check.xprt = &ssl_sock;
ctx = SSL_CTX_new(SSLv23_client_method());
/* parse the "no-check-ssl" server keyword */
static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
{
- newsrv->check.use_ssl = 0;
+ newsrv->check.use_ssl = -1;
free(newsrv->ssl_ctx.ciphers);
newsrv->ssl_ctx.ciphers = NULL;
newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
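Review bot: `no-check-ssl` now only marks the check as forced off, yet the unchanged lines after it still free `newsrv->ssl_ctx.ciphers` and clear the default options on the server's `ssl_ctx`. If that context also configures production connections (not visible in this hunk), a server line that sets a cipher list and then `no-check-ssl` would lose its cipher restriction without any warning. Either document that this is intended, for example `/* ssl_ctx is shared with the server's own traffic: this also resets its ciphers */`, or limit the reset to check-only state. The function's end is outside the hunk.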
/* parse the "no-ssl" server keyword */
static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
{
- newsrv->use_ssl = 0;
+ newsrv->use_ssl = -1;
free(newsrv->ssl_ctx.ciphers);
newsrv->ssl_ctx.ciphers = NULL;
return 0;