git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Christopher Faulet <cfaulet@haproxy.com>
	Thu, 4 Sep 2025 08:12:19 +0000 (10:12 +0200)
committer	Christopher Faulet <cfaulet@haproxy.com>
	Fri, 5 Sep 2025 13:56:42 +0000 (15:56 +0200)
commit	668916c1a2fc2180028ae051aa805bb71c7b690b
tree	7bd5c7f8b77062285c3cf171e8d60d9e683886cf	tree \| snapshot
parent	58555b8653172af6be70d2c9de77870cb01a8712	commit \| diff

MEDIUM: server/ssl: Base the SNI value to the HTTP host header by default

For HTTPS outgoing connections, the SNI is now automatically set using the
Host header value if no other value is already set (via the "sni" server
keyword). It is now the default behavior. It could be disabled with the
"no-sni-auto" server keyword. And eventually "sni-auto" server keyword may
be used to reset any previous "no-sni-auto" setting. This option can be
inherited from "default-server" settings. Finally, if no connection name is
set via "pool-conn-name" setting, the selected value is used.

The automatic selection of the SNI is enabled by default for all outgoing
connections. But it is concretely used for HTTPS connections only. The
expression used is "req.hdr(host),host_only".

This patch should paritally fix the issue #3081. It only covers the server
part. Another patch will add the feature for HTTP health-checks.

doc/configuration.txt		diff \| blob \| blame \| history
include/haproxy/server-t.h		diff \| blob \| blame \| history
include/haproxy/server.h		diff \| blob \| blame \| history
reg-tests/ssl/set_ssl_cafile.vtc		diff \| blob \| blame \| history
reg-tests/ssl/set_ssl_crlfile.vtc		diff \| blob \| blame \| history
src/cfgparse-ssl.c		diff \| blob \| blame \| history
src/cfgparse.c		diff \| blob \| blame \| history
src/server.c		diff \| blob \| blame \| history