BUG/MEDIUM: server: do not use default SNI if manually set

A new server feature "sni-auto" has been introduced recently. The
objective is to automatically set the SNI value to the host header if no
SNI is explicitely set.

  668916c1a2fc2180028ae051aa805bb71c7b690b
  MEDIUM: server/ssl: Base the SNI value to the HTTP host header by default

There is an issue with it : server SNI is currently always overwritten,
even if explicitely set in the configuration file. Adjust
check_config_validity() to ensure the default value is only used if
<sni_expr> is NULL.

This issue was detected as a memory leak on <sni_expr> was reported when
SNI is explicitely set on a server line.

This patch is related to github feature request #3081.

No need to backport, unless the above patch is.

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 4a0fec8f69a47ea4f5cab63129a7a1249c1737ea..8c365e916fef3389dd2875cbb90aaed4dc275e1a 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -3851,10 +3851,11 @@ out_uri_auth_compat:
                        }
 
                        if (newsrv->use_ssl == 1 || ((newsrv->flags & SRV_F_DEFSRV_USE_SSL) && newsrv->use_ssl != 1)) {
-                               /* In HTTP only, if the SNI not set and we can realy on the host
+                               /* In HTTP only, if the SNI is not set and we can rely on the host
                                 * header value, fill the sni expression accordingly
                                 */
-                               if (newsrv->proxy->mode == PR_MODE_HTTP && !(newsrv->ssl_ctx.options & SRV_SSL_O_NO_AUTO_SNI)) {
+                               if (!newsrv->sni_expr && newsrv->proxy->mode == PR_MODE_HTTP &&
+                                   !(newsrv->ssl_ctx.options & SRV_SSL_O_NO_AUTO_SNI)) {
                                        newsrv->sni_expr = strdup("req.hdr(host),field(1,:)");
 
                                        err = NULL;