From a48437bb5e64e04159e320b99ae983f42c2abcb6 Mon Sep 17 00:00:00 2001
From: Olivier Houchard <ohouchard@haproxy.com>
Date: Tue, 29 Jan 2019 16:37:52 +0100
Subject: [PATCH] BUG/MEDIUM: checks: Don't try to set ALPN if connection
 failed.

If we failed to connect, don't attempt to set the ALPN, as we don't have
a SSL context, anyway.

This should be backported to 1.9.
---
 src/checks.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/checks.c b/src/checks.c
index 78d4e390b6..e4c7a4896d 100644
--- a/src/checks.c
+++ b/src/checks.c
@@ -1641,11 +1641,13 @@ static int connect_conn_chk(struct task *t)
 
 
 #ifdef USE_OPENSSL
-	if (s->check.sni)
-		ssl_sock_set_servername(conn, s->check.sni);
-	if (s->check.alpn_str)
-		ssl_sock_set_alpn(conn, (unsigned char *)s->check.alpn_str,
-		    s->check.alpn_len);
+	if (ret == SF_ERR_NONE) {
+		if (s->check.sni)
+			ssl_sock_set_servername(conn, s->check.sni);
+		if (s->check.alpn_str)
+			ssl_sock_set_alpn(conn, (unsigned char *)s->check.alpn_str,
+			    s->check.alpn_len);
+	}
 #endif
 	if (s->check.send_proxy && !(check->state & CHK_ST_AGENT)) {
 		conn->send_proxy_ofs = 1;
-- 
2.47.3