From: William Lallemand <wlallemand@haproxy.com>
Date: Fri, 26 Jun 2026 15:07:51 +0000 (+0200)
Subject: MEDIUM: httpclient: initialize the httpclient with default SSL values
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9d64d390c8dc9af5f626052d08eeb4a1f2dd5d2e;p=thirdparty%2Fhaproxy.git

MEDIUM: httpclient: initialize the httpclient with default SSL values

The current httpclient implementation does not initialize its server
with the options from the global section: ciphers, ciphersuites and
various SSL options are always the default of the SSL library.

This patch changes the behavior and apply the ssl-default-server-*
keywords to the httpclient SSL server.
---

diff --git a/src/http_client.c b/src/http_client.c
index fa205f0f0..c1aa99404 100644
--- a/src/http_client.c
+++ b/src/http_client.c
@@ -1189,6 +1189,12 @@ struct proxy *httpclient_create_proxy(const char *id)
 		goto err;
 	}
 #endif
+	if (ssl_sock_init_srv(srv_ssl)) {
+		memprintf(&errmsg, "out of memory.");
+		err_code |= ERR_ALERT | ERR_FATAL;
+		goto err;
+	}
+
 	srv_ssl->ssl_ctx.verify = httpclient_ssl_verify;
 	/* if the verify is required, try to load the system CA */
 	if (httpclient_ssl_verify == SSL_SOCK_VERIFY_REQUIRED) {