From 71e31583957895c6601fbad352292497176b7fa3 Mon Sep 17 00:00:00 2001
From: William Lallemand
Date: Wed, 16 Mar 2022 15:47:47 +0100
Subject: [PATCH] BUG/MINOR: httpclient: send the SNI using the host header

Generate an SNI expression which uses the Host header of the request. This is mandatory for most of the SSL servers nowadays. Must be backported in 2.5 with the previous patch which export server_parse_sni_expr().
---
 src/http_client.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/src/http_client.c b/src/http_client.c
index f849fea3a6..30656e0362 100644
--- a/src/http_client.c
+++ b/src/http_client.c
@@ -1061,6 +1061,8 @@ static int httpclient_cfg_postparser()
 {
 struct logsrv *logsrv;
 struct proxy *curproxy = httpclient_proxy;
+ int err_code = 0;
+ char *errmsg = NULL;
 /* copy logs from "global" log list */
 list_for_each_entry(logsrv, &global.logsrvs, list) {
@@ -1089,6 +1091,19 @@ static int httpclient_cfg_postparser()
 curproxy->conf.args.file = NULL;
 curproxy->conf.args.line = 0;
 }
+
+#ifdef USE_OPENSSL
+ /* init the SNI expression */
+ /* always use the host header as SNI, without the port */
+ httpclient_srv_ssl->sni_expr = strdup("req.hdr(host),field(1,:)");
+ err_code |= server_parse_sni_expr(httpclient_srv_ssl, httpclient_proxy, &errmsg);
+ if (err_code & ERR_CODE) {
+ ha_alert("httpclient: failed to configure sni: %s.\n", errmsg);
+ free(errmsg);
+ goto err;
+ }
+#endif
+
 return 0;
 err:
 return 1;
--
2.39.5
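Review bot: `err_code` and `errmsg` are declared unconditionally at the top of httpclient_cfg_postparser(), but the only code in this patch that uses them sits under `#ifdef USE_OPENSSL` in the second hunk, so a build without USE_OPENSSL would likely emit unused-variable warnings unless code outside the hunks also uses them. Putting the two declarations under the same guard keeps such builds clean: `#ifdef USE_OPENSSL`, `int err_code = 0;`, `char *errmsg = NULL;`, `#endif`. The rest of the function body lies outside this hunk.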
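Review bot: The result of `strdup("req.hdr(host),field(1,:)")` is stored in `httpclient_srv_ssl->sni_expr` and passed on to server_parse_sni_expr() without a NULL check, so an allocation failure at startup is not reported as one; how the parser treats a NULL expression is not visible here, and one plausible outcome is a TLS client that silently sends no SNI. A guard right after the assignment makes the failure explicit: `if (!httpclient_srv_ssl->sni_expr) { ha_alert("httpclient: out of memory.\n"); goto err; }`. Separately, `field(1,:)` cuts at the first colon, so a Host header carrying a bracketed IPv6 literal (for example `[2001:db8::1]:8443`) would yield `[2001` as the server name; a comment stating that only hostnames and IPv4 literals are expected, or a converter chain that handles brackets, would help. Sending SNI only lets the server select a certificate; whether the client also verifies that certificate against the same name is decided outside this hunk and is worth confirming when backporting. The function starts before this hunk and its closing brace is outside it.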