From: Emeric Brun <ebrun@exceliance.fr>
Date: Thu, 11 Oct 2012 13:05:10 +0000 (+0200)
Subject: MEDIUM: ssl: reject ssl server keywords in default-server statement
X-Git-Tag: v1.5-dev13~164
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ecc91fea7bef53d265cb06693d07cdefb196a14c;p=thirdparty%2Fhaproxy.git

MEDIUM: ssl: reject ssl server keywords in default-server statement

At the moment they are ignored, but they were not rejected so they could
cause confusion in some configurations.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 72eb88399b..d4024f2bdf 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1614,17 +1614,17 @@ static struct bind_kw_list bind_kws = { "SSL", { }, {
  * not enabled.
  */
 static struct srv_kw_list srv_kws = { "SSL", { }, {
-	{ "check-ssl",             srv_parse_check_ssl,      0, 1 }, /* enable SSL for health checks */
-	{ "ciphers",               srv_parse_ciphers,        1, 1 }, /* select the cipher suite */
-	{ "force-sslv3",           srv_parse_force_sslv3,    0, 1 }, /* force SSLv3 */
-	{ "force-tlsv10",          srv_parse_force_tlsv10,   0, 1 }, /* force TLSv10 */
-	{ "force-tlsv11",          srv_parse_force_tlsv11,   0, 1 }, /* force TLSv11 */
-	{ "force-tlsv12",          srv_parse_force_tlsv12,   0, 1 }, /* force TLSv12 */
-	{ "no-sslv3",              srv_parse_no_sslv3,       0, 1 }, /* disable SSLv3 */
-	{ "no-tlsv10",             srv_parse_no_tlsv10,      0, 1 }, /* disable TLSv10 */
-	{ "no-tlsv11",             srv_parse_no_tlsv11,      0, 1 }, /* disable TLSv11 */
-	{ "no-tlsv12",             srv_parse_no_tlsv12,      0, 1 }, /* disable TLSv12 */
-	{ "ssl",                   srv_parse_ssl,            0, 1 }, /* enable SSL processing */
+	{ "check-ssl",             srv_parse_check_ssl,      0, 0 }, /* enable SSL for health checks */
+	{ "ciphers",               srv_parse_ciphers,        1, 0 }, /* select the cipher suite */
+	{ "force-sslv3",           srv_parse_force_sslv3,    0, 0 }, /* force SSLv3 */
+	{ "force-tlsv10",          srv_parse_force_tlsv10,   0, 0 }, /* force TLSv10 */
+	{ "force-tlsv11",          srv_parse_force_tlsv11,   0, 0 }, /* force TLSv11 */
+	{ "force-tlsv12",          srv_parse_force_tlsv12,   0, 0 }, /* force TLSv12 */
+	{ "no-sslv3",              srv_parse_no_sslv3,       0, 0 }, /* disable SSLv3 */
+	{ "no-tlsv10",             srv_parse_no_tlsv10,      0, 0 }, /* disable TLSv10 */
+	{ "no-tlsv11",             srv_parse_no_tlsv11,      0, 0 }, /* disable TLSv11 */
+	{ "no-tlsv12",             srv_parse_no_tlsv12,      0, 0 }, /* disable TLSv12 */
+	{ "ssl",                   srv_parse_ssl,            0, 0 }, /* enable SSL processing */
 	{ NULL, NULL, 0, 0 },
 }};