Here is the list of the currently supported keywords :
+ - allow-0rtt
+ - alpn
- backup
+ - ca-file
+ - ciphers
+ - ciphersuites
+ - crl-file
+ - crt
- disabled
- enabled
+ - force-sslv3/tlsv10/tlsv11/tlsv12/tlsv13
- id
- maxconn
- maxqueue
- minconn
+ - no-ssl-reuse
+ - no-sslv3/tlsv10/tlsv11/tlsv12/tlsv13
+ - no-tls-tickets
+ - npn
- pool-low-conn
- pool-max-conn
- pool-purge-delay
- proxy-v2-options
- send-proxy
- send-proxy-v2
+ - send-proxy-v2-ssl
+ - send-proxy-v2-ssl-cn
+ - sni
- source
+ - ssl
+ - ssl-max-ver
+ - ssl-min-ver
- tfo
+ - tls-tickets
- usesrc
+ - verify
+ - verifyhost
- weight
Their syntax is similar to the server line from the configuration file,
{ "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1, 1 }, /* send PROXY protocol header v2 with SSL info */
{ "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1, 1 }, /* send PROXY protocol header v2 with CN */
{ "sni", srv_parse_sni, 1, 1, 1 }, /* send SNI extension */
- { "ssl", srv_parse_ssl, 0, 1, 0 }, /* enable SSL processing */
+ { "ssl", srv_parse_ssl, 0, 1, 1 }, /* enable SSL processing */
{ "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1, 1 }, /* minimum version */
{ "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1, 1 }, /* maximum version */
{ "ssl-reuse", srv_parse_ssl_reuse, 0, 1, 0 }, /* enable session reuse */
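Review bot: The `ssl-reuse` row directly below the changed line keeps `0` in the column that this commit flips to `1` for `ssl`, while the documentation hunk advertises `no-ssl-reuse` for the same feature. If that column is the flag allowing a keyword on runtime-added servers (inferred from this one-character change; the table header is outside the hunk), the two spellings are now treated differently. Either way the bare integer is hard to audit, so a short comment on the changed row would help, for example `/* last field: accepted on servers added at runtime */`. Because this flag is what makes TLS reachable on dynamically added servers, it is worth confirming that every TLS keyword listed in the documentation carries the same value.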
goto out;
}
+ if (srv->use_ssl == 1) {
+ if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv) {
+ if (xprt_get(XPRT_SSL)->prepare_srv(srv))
+ goto out;
+ }
+ }
+
/* Attach the server to the end of the proxy linked list. Note that this
* operation is not thread-safe so this is executed under thread
* isolation.
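Review bot: A server with `use_ssl == 1` is still attached to the proxy when `xprt_get(XPRT_SSL)` returns NULL or the transport has no `prepare_srv`, because the two inner `if`s only act when the hook exists; the server is then live although its TLS context was never prepared. It is safer to fail closed and look the transport up once: `struct xprt_ops *xprt = xprt_get(XPRT_SSL);` followed by `if (!xprt || !xprt->prepare_srv || xprt->prepare_srv(srv)) goto out;`. Builds without SSL probably never reach this point, since the `ssl` keyword would not parse, but that guarantee is not visible here. The hunk also does not show whether the `goto out` path reports the reason for a `prepare_srv` failure to the operator; a rejected certificate or CA file should produce an explicit message. The enclosing function starts and ends outside the hunk.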