From: Olivier Houchard <ohouchard@haproxy.com>
Date: Tue, 29 Jan 2019 15:37:52 +0000 (+0100)
Subject: BUG/MEDIUM: checks: Don't try to set ALPN if connection failed.
X-Git-Tag: v2.0-dev1~119
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a48437bb5e64e04159e320b99ae983f42c2abcb6;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: checks: Don't try to set ALPN if connection failed.

If we failed to connect, don't attempt to set the ALPN, as we don't have
a SSL context, anyway.

This should be backported to 1.9.
---

diff --git a/src/checks.c b/src/checks.c
index 78d4e390b6..e4c7a4896d 100644
--- a/src/checks.c
+++ b/src/checks.c
@@ -1641,11 +1641,13 @@ static int connect_conn_chk(struct task *t)
 
 
 #ifdef USE_OPENSSL
-	if (s->check.sni)
-		ssl_sock_set_servername(conn, s->check.sni);
-	if (s->check.alpn_str)
-		ssl_sock_set_alpn(conn, (unsigned char *)s->check.alpn_str,
-		    s->check.alpn_len);
+	if (ret == SF_ERR_NONE) {
+		if (s->check.sni)
+			ssl_sock_set_servername(conn, s->check.sni);
+		if (s->check.alpn_str)
+			ssl_sock_set_alpn(conn, (unsigned char *)s->check.alpn_str,
+			    s->check.alpn_len);
+	}
 #endif
 	if (s->check.send_proxy && !(check->state & CHK_ST_AGENT)) {
 		conn->send_proxy_ofs = 1;