From: Amaury Denoyelle
Date: Mon, 20 Sep 2021 13:31:42 +0000 (+0200)
Subject: BUG/MINOR: server: alloc dynamic srv ssl ctx if proxy uses ssl chk rule
X-Git-Tag: v2.5-dev8~163
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b621552ca3f7b5196bea68a3dc0f3ed6e6a859b0;p=thirdparty%2Fhaproxy.git

BUG/MINOR: server: alloc dynamic srv ssl ctx if proxy uses ssl chk rule

The ssl context is not initialized for a dynamic server, even if there
is a tcpcheck rule which uses ssl on the related backend. This will cause
the check initialization to fail with the message:
  "Out of memory when initializing an SSL connection"

This can be reproduced by having the following config in the backend:
  option tcp-check
  tcp-check connect ssl
and create a dynamic server with check activated and a ca-file.

Fix this by calling the prepare_srv xprt callback when the proxy option
PR_O_TCPCHK_SSL is set.

Check support for dynamic servers has been merged in the current branch.
No backport needed.
---
diff --git a/src/server.c b/src/server.c index 659805e123..a39569ea15 100644 --- a/src/server.c +++ b/src/server.c @@ -4563,7 +4563,7 @@ static int cli_parse_add_server(char **args, char *payload, struct appctx *appct goto out; } - if (srv->use_ssl == 1) { + if (srv->use_ssl == 1 || (srv->proxy->options & PR_O_TCPCHK_SSL)) { if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv) { if (xprt_get(XPRT_SSL)->prepare_srv(srv)) goto out;
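
Review bot: the widened test `srv->use_ssl == 1 || (srv->proxy->options & PR_O_TCPCHK_SSL)` in cli_parse_add_server() now runs prepare_srv for every dynamic server added to a backend that has an ssl tcp-check rule, whether or not checks are enabled on that server, while the commit message describes the failure only for a server created with check activated. Consider also requiring that the server has checks enabled before allocating the context, and add a one-line comment above the condition saying the proxy flag is tested for the `tcp-check connect ssl` case, since the reason is not obvious from the code alone. Two smaller points on the unchanged lines of this hunk: when `xprt_get(XPRT_SSL)` returns NULL or has no `prepare_srv`, the block is skipped without any message, which is now reachable for a server that did not ask for ssl itself, so an explicit error there would be easier to diagnose; and `xprt_get(XPRT_SSL)` is evaluated three times where a local pointer would read more clearly.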