From 52866349a1c5de450c519d558d2fa8bc97d8607b Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Wed, 3 Sep 2025 16:44:15 +0200
Subject: [PATCH] OPTIM: backend: Don't set SNI for non-ssl connections

There is no reason to set the SNI for non-ssl connections. It is not really
an issue because ssl_sock_set_servername() function will do nothing. But
there is no reason to uselessly evaluate an expression.

No backport needed, because there is no bug.
---
 src/backend.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/backend.c b/src/backend.c
index aa5052936..00c85a401 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -2107,7 +2107,7 @@ int connect_server(struct stream *s)
 
 #ifdef USE_OPENSSL
 	/* Set socket SNI unless connection is reused. */
-	if (srv && srv->ssl_ctx.sni && !(s->flags & SF_SRV_REUSED)) {
+	if (conn_is_ssl(srv_conn) && srv && srv->ssl_ctx.sni && !(s->flags & SF_SRV_REUSED)) {
 		struct sample *sni_smp = NULL;
 
 		sni_smp = sample_fetch_as_type(s->be, s->sess, s,
-- 
2.47.3