#define TCPCHK_OPT_DEFAULT_CONNECT 0x0008 /* Do a connect using server params */
struct tcpcheck_connect {
- uint16_t port; /* port to connect to */
+ uint16_t port; /* port to connect to */
uint16_t options; /* options when setting up a new connection */
+ char *sni; /* server name to use for SSL connections */
+ char *alpn; /* ALPN to use for the SSL connection */
+ int alpn_len; /* ALPN string length */
};
enum tcpcheck_send_type {
}
}
else {
- /* TODO: add support for sock4 and sni option */
+#ifdef USE_OPENSSL
+ if (status == SF_ERR_NONE) {
+ if (connect->sni)
+ ssl_sock_set_servername(conn, connect->sni);
+ }
+#endif
+ /* TODO: add support for sock4 option */
if (connect->options & TCPCHK_OPT_SEND_PROXY) {
conn->send_proxy_ofs = 1;
conn->flags |= CO_FL_SEND_PROXY;
}
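Review bot: The SNI is applied whenever `connect->sni` is non-NULL, and nothing in this hunk checks that the check connection was actually set up with SSL; the parser hunk further down also accepts `sni` on a connect rule that has no `ssl` keyword. Whether `ssl_sock_set_servername()` ignores a non-SSL connection is not visible on this page, so that reliance should be stated at the call, e.g. `/* sni may be configured without 'ssl'; relies on ssl_sock_set_servername() ignoring non-SSL connections */`. If that cannot be guaranteed, rejecting `sni` without SSL at parse time is safer, because the operator then gets a configuration error instead of a health check that silently omits the server name. The two nested `if`s can also be folded into `if (status == SF_ERR_NONE && connect->sni)`. The enclosing `else` block starts outside the hunk.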
break;
case TCPCHK_ACT_CONNECT:
+ free(rule->connect.sni);
+ break;
case TCPCHK_ACT_COMMENT:
break;
case TCPCHK_ACT_ACTION_KW:
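Review bot: Only `rule->connect.sni` is released in the `TCPCHK_ACT_CONNECT` case, although the struct hunk of this same change also adds `char *alpn` to `struct tcpcheck_connect`. No visible hunk assigns `alpn`, so nothing leaks yet, but the release path should stay in step with the struct. Either add `free(rule->connect.alpn);` beside the `sni` free, or introduce the `alpn`/`alpn_len` fields in the commit that first uses them. The enclosing `switch` starts and ends outside the hunk.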
char **errmsg)
{
struct tcpcheck_rule *chk = NULL;
- char *comment = NULL;
+ char *comment = NULL, *sni = NULL;
unsigned short conn_opts = 0;
long port = 0;
px->options |= PR_O_TCPCHK_SSL;
conn_opts |= TCPCHK_OPT_SSL;
}
+ else if (strcmp(args[cur_arg], "sni") == 0) {
+ if (!*(args[cur_arg+1])) {
+ memprintf(errmsg, "'%s' expects a string as argument.", args[cur_arg]);
+ goto error;
+ }
+ cur_arg++;
+ free(sni);
+ sni = strdup(args[cur_arg]);
+ if (!sni) {
+ memprintf(errmsg, "out of memory");
+ goto error;
+ }
+ }
#endif /* USE_OPENSSL */
else {
memprintf(errmsg, "expects 'comment', 'port', 'send-proxy'"
#ifdef USE_OPENSSL
- ", 'ssl'"
+ ", 'ssl', 'sni'"
#endif /* USE_OPENSSL */
" or 'linger' but got '%s' as argument.",
args[cur_arg]);
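Review bot: The `sni` value is stored after an emptiness check only, so an over-long or malformed name is accepted at configuration time and would surface only when the check connects. TLS limits the server name to 255 bytes (OpenSSL exposes this as `TLSEXT_MAXLEN_host_name`), so a bound can be enforced before the `strdup()`: `if (strlen(args[cur_arg+1]) > TLSEXT_MAXLEN_host_name) { memprintf(errmsg, "'%s' : server name too long.", args[cur_arg]); goto error; }`. The handling of a repeated keyword (`free(sni)` before `strdup()`) and the `free(sni)` on the `error:` path look consistent with how `comment` is managed. The function body starts and ends outside this hunk.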
chk->comment = comment;
chk->connect.port = port;
chk->connect.options = conn_opts;
+ chk->connect.sni = sni;
return chk;
error:
+ free(sni);
free(comment);
return NULL;
}