From: William Lallemand <wlallemand@haproxy.org>
Date: Tue, 13 Dec 2022 17:17:44 +0000 (+0100)
Subject: BUG/MINOR: startup: don't use internal proxies to compute the maxconn
X-Git-Tag: v2.8-dev1~139
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0adafb307eacd75ad0305f996c07668f470da1e4;p=thirdparty%2Fhaproxy.git

BUG/MINOR: startup: don't use internal proxies to compute the maxconn

With internal proxies using the SSL activated (httpclient for example)
the automatic computation of the maxconn is wrong because these proxies
are always activated by default.

This patch fixes the issue by not counting these internal proxies during
the computation.

Must be backported as far as 2.5.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 0b8cfb8830..cbc1eb94b4 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5229,8 +5229,10 @@ int ssl_sock_prepare_srv_ctx(struct server *srv)
 {
 	int cfgerr = 0;
 	SSL_CTX *ctx;
-	/* Automatic memory computations need to know we use SSL there */
-	global.ssl_used_backend = 1;
+	/* Automatic memory computations need to know we use SSL there
+	 * If this is an internal proxy, don't use it for the computation */
+	if (!(srv->proxy && srv->proxy->cap & PR_CAP_INT))
+		global.ssl_used_backend = 1;
 
 	/* Initiate SSL context for current server */
 	if (!srv->ssl_ctx.reused_sess) {