Revert "BUG/MEDIUM: server/ssl: Unset the SNI for new server connections if none...

author Christopher Faulet <cfaulet@haproxy.com>

Wed, 26 Nov 2025 10:05:14 +0000 (11:05 +0100)

committer Christopher Faulet <cfaulet@haproxy.com>

Wed, 26 Nov 2025 11:05:43 +0000 (12:05 +0100)
author Christopher Faulet <cfaulet@haproxy.com>
Wed, 26 Nov 2025 10:05:14 +0000 (11:05 +0100)
committer Christopher Faulet <cfaulet@haproxy.com>
Wed, 26 Nov 2025 11:05:43 +0000 (12:05 +0100)
diff --git a/src/backend.c b/src/backend.c

index 45dab68df69c05b6c59e03e8309c9f4a6c7b11d6..0170547b29274620444471a63937a63102269372 100644 (file)
--- a/src/backend.c
+++ b/src/backend.c
@@ -2156,22 +2156,14 @@ int connect_server(struct stream *s)
  
  #ifdef USE_OPENSSL
         /* Set socket SNI unless connection is reused. */
-       if (conn_is_ssl(srv_conn) && !(s->flags & SF_SRV_REUSED)) {
-               int sni_set = 0;
-
-               if (srv && srv->ssl_ctx.sni) {
-                       struct sample *sni_smp = NULL;
-
-                       sni_smp = sample_fetch_as_type(s->be, s->sess, s,
-                                                      SMP_OPT_DIR_REQ | SMP_OPT_FINAL,
-                                                      srv->ssl_ctx.sni, SMP_T_STR);
-                       if (smp_make_safe(sni_smp)) {
-                               ssl_sock_set_servername(srv_conn, sni_smp->data.u.str.area);
-                               sni_set = 1;
-                       }
-               }
-               if (!sni_set)
-                       ssl_sock_set_servername(srv_conn, NULL);
+       if (conn_is_ssl(srv_conn) && srv && srv->ssl_ctx.sni && !(s->flags & SF_SRV_REUSED)) {
+               struct sample *sni_smp = NULL;
+
+               sni_smp = sample_fetch_as_type(s->be, s->sess, s,
+                                              SMP_OPT_DIR_REQ | SMP_OPT_FINAL,
+                                              srv->ssl_ctx.sni, SMP_T_STR);
+               if (smp_make_safe(sni_smp))
+                       ssl_sock_set_servername(srv_conn, sni_smp->data.u.str.area);
         }
  #endif /* USE_OPENSSL */
  
diff --git a/src/tcpcheck.c b/src/tcpcheck.c

index 88a54d1486f5a2ed3be198e8aecebff2c12b4905..815a84099c80f38f9dddff50a8b2b7f6c97199d7 100644 (file)
--- a/src/tcpcheck.c
+++ b/src/tcpcheck.c
@@ -1509,8 +1509,6 @@ enum tcpcheck_eval_ret tcpcheck_eval_connect(struct check *check, struct tcpchec
                         ssl_sock_set_servername(conn, s->check.sni);
                 else if (auto_sni)
                         ssl_sock_set_servername(conn, b_orig(auto_sni));
-               else
-                       ssl_sock_set_servername(conn, NULL);
  
                 if (connect->alpn)
                         ssl_sock_set_alpn(conn, (unsigned char *)connect->alpn, connect->alpn_len);
author	Christopher Faulet <cfaulet@haproxy.com>
	Wed, 26 Nov 2025 10:05:14 +0000 (11:05 +0100)
committer	Christopher Faulet <cfaulet@haproxy.com>
	Wed, 26 Nov 2025 11:05:43 +0000 (12:05 +0100)
src/backend.c		patch \| blob \| blame \| history
src/tcpcheck.c		patch \| blob \| blame \| history