]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 33f05df) | patch
MEDIUM: checks: Implement ssl-hello check using tcp-check rules
authorChristopher Faulet <cfaulet@haproxy.com>
Wed, 1 Apr 2020 09:10:27 +0000 (11:10 +0200)
committerChristopher Faulet <cfaulet@haproxy.com>
Mon, 27 Apr 2020 07:39:38 +0000 (09:39 +0200)
commit811f78ced16931482bc31498e8acb22e1b680bde
treeccb2933bd53163ca6b6ca0ca18dbbc2de2608d19tree | snapshot
parent33f05df650b6b35ac2e3b2208ffea6aa3131a40bcommit | diff
MEDIUM: checks: Implement ssl-hello check using tcp-check rules

A shared tcp-check ruleset is now created to support ssl-hello check. This way
no extra memory is used if several backends use a ssl-hello check.

The following sequence is used :

    tcp-check send-binary SSLV3_CLIENT_HELLO log-format

    tcp-check expect rbinary "^1[56]" min-recv 5 \
        error-status "L6RSP" tout-status "L6TOUT"

SSLV3_CLIENT_HELLO is a log-format hexa string representing a SSLv3 CLIENT HELLO
packet. It is the same than the one used by the old ssl-hello except the sample
expression "%[date(),htonl,hex]" is used to set the date field.
include/proto/checks.h diff | blob | blame | history
include/types/checks.h diff | blob | blame | history
include/types/proxy.h diff | blob | blame | history
src/cfgparse-listen.c diff | blob | blame | history
src/cfgparse.c diff | blob | blame | history
src/checks.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git