From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Wed, 19 May 2021 13:00:54 +0000 (+0200)
Subject: MINOR: server: disable CLI 'set server ssl' for dynamic servers
X-Git-Tag: v2.5-dev1~75
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b89d3d3de7524b26acde4bd9b780f659e96c433f;p=thirdparty%2Fhaproxy.git

MINOR: server: disable CLI 'set server ssl' for dynamic servers

'set server ssl' uses ssl parameters from default-server. As dynamic
servers does not reuse any default-server parameters, this command has
no sense for them.
---

diff --git a/src/server.c b/src/server.c
index ef80d2b0ff..4a4c3c8436 100644
--- a/src/server.c
+++ b/src/server.c
@@ -4081,6 +4081,11 @@ static int cli_parse_set_server(char **args, char *payload, struct appctx *appct
 	}
 	else if (strcmp(args[3], "ssl") == 0) {
 #ifdef USE_OPENSSL
+		if (sv->flags & SRV_F_DYNAMIC) {
+			cli_err(appctx, "'set server <srv> ssl' not supported on dynamic servers\n");
+			goto out;
+		}
+
 		if (sv->ssl_ctx.ctx == NULL) {
 			cli_err(appctx, "'set server <srv> ssl' cannot be set. "
 					" default-server should define ssl settings\n");