git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Christopher Faulet <cfaulet@haproxy.com>
	Wed, 3 Sep 2025 13:29:56 +0000 (15:29 +0200)
committer	Christopher Faulet <cfaulet@haproxy.com>
	Fri, 5 Sep 2025 13:56:08 +0000 (15:56 +0200)
commit	f8f94ffc9c26bb8c2ff261972ce2f6c4fd731f6d
tree	cfb524054d7275ba615e39d08a5b8afade9012d9	tree \| snapshot
parent	086a248645c8edca681adba50b34d9970e455a98	commit \| diff

BUG/MEDIUM: server: Use sni as pool connection name for SSL server only

By default, for a given server, when no pool-conn-name is specified, the
configured sni is used. However, this must only be done when SSL is in-use
for the server. Of course, it is uncommon to have a sni expression for
now-ssl server. But this may happen.

In addition, the SSL may be disabled via the CLI. In that case, the
pool-conn-name must be discarded if it was copied from the sni. And, we must
of course take care to set it if the ssl is enabled.

Finally, when the attac-srv action is checked, we now checked the
pool-conn-name expression.

This patch should be backported as far as 3.0. It relies on "MINOR: server:
Parse sni and pool-conn-name expressions in a dedicated function" which
should be backported too.

include/haproxy/server.h		diff \| blob \| blame \| history
src/server.c		diff \| blob \| blame \| history
src/server_state.c		diff \| blob \| blame \| history
src/tcp_act.c		diff \| blob \| blame \| history