BUG/MEDIUM: check: Don't reuse the server xprt if we should not
authorOlivier Houchard <ohouchard@haproxy.com>
Tue, 24 Mar 2026 14:51:34 +0000 (15:51 +0100)
committerOlivier Houchard <cognet@ci0.org>
Thu, 26 Mar 2026 14:09:13 +0000 (15:09 +0100)
Don't assume the check will reuse the server's xprt. That may not hold
if a setting such as the ALPN has been set for the check and differs from
the server's. If the server is QUIC, and we want to use TCP for checks,
we certainly don't want to reuse its XPRT.

src/check.c

index 45ada607c548e5f90211fba3df0ead4bb31186e8..0c1bdd25b18c574ed918d3a3f0bc171ded8af9f7 100644 (file)
@@ -1813,7 +1813,15 @@ int init_srv_check(struct server *srv)
                 * specified.
                 */
                if (!srv->check.port && !is_addr(&srv->check.addr)) {
-                       if (!srv->check.use_ssl && srv->use_ssl != -1)
+                       /*
+                        * If any setting is set for the check, then we can't
+                        * assume we'll use the same XPRT as the server, the
+                        * server may be QUIC, but we want a TCP check.
+                        */
+                       if (!srv->check.use_ssl && srv->use_ssl != -1 &&
+                           !srv->check.via_socks4 && !srv->check.send_proxy &&
+                           (!srv->check.alpn_len || (srv->check.alpn_len == srv->ssl_ctx.alpn_len && !strncmp(srv->check.alpn_str, srv->ssl_ctx.alpn_str, srv->check.alpn_len))) &&
+                           (!srv->check.mux_proto || srv->check.mux_proto != srv->mux_proto))
                                srv->check.xprt = srv->xprt;
                        else if (srv->check.use_ssl == 1)
                                srv->check.xprt = xprt_get(XPRT_SSL);
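Review bot: The last clause of the new condition, `(!srv->check.mux_proto || srv->check.mux_proto != srv->mux_proto)`, appears inverted: it lets the check reuse the server's xprt when the check's mux protocol differs from the server's, which contradicts both the comment above it and the ALPN clause, where reuse is allowed only if the value is unset or equal. If that is not intended it should read `(!srv->check.mux_proto || srv->check.mux_proto == srv->mux_proto)`; as written, a check with its own mux proto can still inherit a transport that does not match it, so the health state may not reflect the configured check. Separately, the ALPN comparison uses `strncmp` on what looks like length-delimited data, so `memcmp(srv->check.alpn_str, srv->ssl_ctx.alpn_str, srv->check.alpn_len)` would compare the full length even if a byte is zero. The `else if` chain continues past the end of the hunk, so the fallback taken by the newly excluded cases (socks4, send-proxy, differing ALPN) is not visible here and is worth confirming.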