From: Olivier Houchard
Date: Mon, 24 Jun 2019 16:19:40 +0000 (+0200)
Subject: BUG/MEDIUM: connections: Always add the xprt handshake if needed.
X-Git-Tag: v2.1-dev1~60
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6c6dc58da0dd868dd8ac3e8c7aa623d1bd4ddc40;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: connections: Always add the xprt handshake if needed.

In connect_server(), we used to only call xprt_add_hs() if CO_FL_SEND_PROXY was set during the function call; we would not do it if the flag was set before connect_server() was called. The rationale at the time was if the flag was already set, then the XPRT was already present. But now the xprt_handshake always removes itself, so we have to re-add it each time, or it wouldn't be done if the first connection attempt failed.

While I'm there, check any non-ssl handshake flag, instead of just CO_FL_SEND_PROXY, or we'd miss the SOCKS4 flags.

This should be backported to 2.0.
---
diff --git a/src/backend.c b/src/backend.c index bff71aba40..37a67c9048 100644 --- a/src/backend.c +++ b/src/backend.c @@ -1213,7 +1213,6 @@ int connect_server(struct stream *s) int reuse_orphan = 0; int init_mux = 0; int alloced_cs = 0; - int flags_hs = 0; int err; @@ -1484,7 +1483,6 @@ int connect_server(struct stream *s) return SF_ERR_INTERNAL; } - flags_hs = srv_conn->flags & CO_FL_HANDSHAKE_NOSSL; if (!conn_xprt_ready(srv_conn) && !srv_conn->mux) { /* set the correct protocol on the output stream interface */ if (srv) @@ -1595,7 +1593,7 @@ int connect_server(struct stream *s) /* The CO_FL_SEND_PROXY flag may have been set by the connect method, * if so, add our handshake pseudo-XPRT now. */ - if (!flags_hs && (srv_conn->flags & CO_FL_SEND_PROXY)) { + if ((srv_conn->flags & CO_FL_HANDSHAKE_NOSSL)) { if (xprt_add_hs(srv_conn) < 0) { conn_full_close(srv_conn); return SF_ERR_INTERNAL;
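Review bot: in the last hunk (@@ -1595,7 +1593,7 @@), the comment kept as context above the changed condition is now stale: it still says only that "The CO_FL_SEND_PROXY flag may have been set by the connect method", while the new test is on CO_FL_HANDSHAKE_NOSSL and, per the commit message, is meant to fire for any non-SSL handshake flag (SOCKS4 included) whether it was set before or during connect_server(). Please reword the comment to say that the handshake pseudo-XPRT is re-added whenever any non-SSL handshake flag is present, and why (xprt_handshake removes itself, so a retry after a failed first attempt needs it again). Minor style point on the same line: the doubled parentheses in `if ((srv_conn->flags & CO_FL_HANDSHAKE_NOSSL))` are left over from the two-term condition and can be reduced to a single pair.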