From: Amaury Denoyelle
Date: Tue, 1 Jun 2021 15:04:10 +0000 (+0200)
Subject: BUG/MINOR: backend: do not set sni on connection reuse
X-Git-Tag: v2.5-dev1~84
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=655dec81bde67a3e1acb146b18e6a038fe8c797b;p=thirdparty%2Fhaproxy.git

BUG/MINOR: backend: do not set sni on connection reuse

When reusing a backend connection, do not reapply the SNI on the connection. It should already be defined when the connection was instantiated on a previous connect_server invocation. As the SNI is a parameter used to select a connection, only connections with the same value can be reused.

The impact of this bug is unknown and may be null. No memory leak has been reported by valgrind. So this is more a cleaning fix.

This commit relies on the SF_SRV_REUSED flag and thus depends on the following fix:
  BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose

This should be backported up to 2.4.
---

diff --git a/src/backend.c b/src/backend.c index 6382805812..2ce34d1e1c 100644 --- a/src/backend.c +++ b/src/backend.c @@ -1625,8 +1625,10 @@ skip_reuse: return err; #ifdef USE_OPENSSL - if (smp_make_safe(sni_smp)) - ssl_sock_set_servername(srv_conn, sni_smp->data.u.str.area); + if (!(s->flags & SF_SRV_REUSED)) { + if (smp_make_safe(sni_smp)) + ssl_sock_set_servername(srv_conn, sni_smp->data.u.str.area); + } #endif /* USE_OPENSSL */ /* The CO_FL_SEND_PROXY flag may have been set by the connect method,
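Review bot: the new guard `if (!(s->flags & SF_SRV_REUSED)) {` in the USE_OPENSSL block of src/backend.c has no comment saying why the SNI is skipped, and its correctness rests entirely on SF_SRV_REUSED being set only when the connection really was picked from the reuse path. If the flag were ever set on a stream whose connection was freshly created, `ssl_sock_set_servername()` would never run for it and the handshake would go out without the intended server name. The commit message names the prerequisite fix ("restore the SF_SRV_REUSED flag original purpose"), so any backport to 2.4 needs that commit applied first. I would add a short comment above the guard stating that a reused connection was already selected on a matching SNI and so must not have it reapplied. As a style point, the two nested conditions can be folded into one, `if (!(s->flags & SF_SRV_REUSED) && smp_make_safe(sni_smp))`, which keeps the same evaluation order and drops the extra brace level.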