From f71b2f43383dc27902703bfbb31b804254216db8 Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Thu, 19 Feb 2026 16:38:39 +0100 Subject: [PATCH] BUG/MINOR: server: enable no-check-sni-auto for dynamic servers Allows server keyword "no-check-sni-auto" for dynamic servers. This may be necessary to users who do not want to benefit from auto SNI for checks. Keyword "check-sni-auto" is still deactivated for dynamic servers, for the same reason as "sni-auto" (cf the previous patch for a complete explanation). This must be backported up to 3.3. --- src/cfgparse-ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c index 508113668..8b8d7f5e1 100644 --- a/src/cfgparse-ssl.c +++ b/src/cfgparse-ssl.c @@ -2738,7 +2738,7 @@ static struct srv_kw_list srv_kws = { "SSL", { }, { { "force-tlsv12", srv_parse_tls_method_options, 0, 1, 1 }, /* force TLSv12 */ { "force-tlsv13", srv_parse_tls_method_options, 0, 1, 1 }, /* force TLSv13 */ { "ktls", srv_parse_ktls, 1, 1, 1 }, /* enable or disable kTLS */ - { "no-check-sni-auto", srv_parse_no_check_sni_auto, 0, 1, 0 }, /* disable automatic SNI selection for health checks */ + { "no-check-sni-auto", srv_parse_no_check_sni_auto, 0, 1, 1 }, /* disable automatic SNI selection for health checks */ { "no-check-ssl", srv_parse_no_check_ssl, 0, 1, 0 }, /* disable SSL for health checks */ { "no-renegotiate", srv_parse_renegotiate, 0, 1, 1 }, /* Disable renegotiation */ { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1, 0 }, /* do not send PROXY protocol header v2 with SSL info */ -- 2.47.3