MINOR: connection: Set the SNI on server connections before installing the mux

If an expression is configured to set the SNI on a server connection, the
connection is marked as private. To not needlessly add it in the available
connection list when the mux is installed, the SNI is now set on the connection
before installing the mux, just after the call to si_connect().

diff --git a/src/backend.c b/src/backend.c
index 324d7565a4f2836f7bc0012c561e04855b59102b..3f6e7daa27d27af334ee6125358ab25f9c3c3bbe 100644 (file)
--- a/src/backend.c
+++ b/src/backend.c
@@ -1519,6 +1519,19 @@ int connect_server(struct stream *s)
        if (err != SF_ERR_NONE)
                return err;
 
+#ifdef USE_OPENSSL
+       if (srv && srv->ssl_ctx.sni) {
+               struct sample *smp;
+
+               smp = sample_fetch_as_type(s->be, s->sess, s, SMP_OPT_DIR_REQ | SMP_OPT_FINAL,
+                                          srv->ssl_ctx.sni, SMP_T_STR);
+               if (smp_make_safe(smp)) {
+                       ssl_sock_set_servername(srv_conn, smp->data.u.str.area);
+                       srv_conn->flags |= CO_FL_PRIVATE;
+               }
+       }
+#endif /* USE_OPENSSL */
+
        /* We have to defer the mux initialization until after si_connect()
         * has been called, as we need the xprt to have been properly
         * initialized, or any attempt to recv during the mux init may
@@ -1576,21 +1589,6 @@ int connect_server(struct stream *s)
                HA_ATOMIC_UPDATE_MAX(&srv->counters.cur_sess_max, count);
                if (s->be->lbprm.server_take_conn)
                        s->be->lbprm.server_take_conn(srv);
-
-#ifdef USE_OPENSSL
-               if (srv->ssl_ctx.sni) {
-                       struct sample *smp;
-
-                       smp = sample_fetch_as_type(s->be, s->sess, s, SMP_OPT_DIR_REQ | SMP_OPT_FINAL,
-                                                  srv->ssl_ctx.sni, SMP_T_STR);
-                       if (smp_make_safe(smp)) {
-                               ssl_sock_set_servername(srv_conn,
-                                                       smp->data.u.str.area);
-                               srv_conn->flags |= CO_FL_PRIVATE;
-                       }
-               }
-#endif /* USE_OPENSSL */
-
        }
 
        /* Now handle synchronously connected sockets. We know the stream-int