From 0adafb307eacd75ad0305f996c07668f470da1e4 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.org>
Date: Tue, 13 Dec 2022 18:17:44 +0100
Subject: [PATCH] BUG/MINOR: startup: don't use internal proxies to compute the
 maxconn

With internal proxies that have SSL enabled (httpclient for example),
the automatic computation of the maxconn is wrong because these proxies
are always activated by default.

This patch fixes the issue by not counting these internal proxies during
the computation.

Must be backported as far as 2.5.
---
 src/ssl_sock.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 0b8cfb883..cbc1eb94b 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5229,8 +5229,10 @@ int ssl_sock_prepare_srv_ctx(struct server *srv)
 {
 	int cfgerr = 0;
 	SSL_CTX *ctx;
-	/* Automatic memory computations need to know we use SSL there */
-	global.ssl_used_backend = 1;
+	/* Automatic memory computations need to know we use SSL there
+	 * If this is an internal proxy, don't use it for the computation */
+	if (!(srv->proxy && srv->proxy->cap & PR_CAP_INT))
+		global.ssl_used_backend = 1;
 
 	/* Initiate SSL context for current server */
 	if (!srv->ssl_ctx.reused_sess) {
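Review bot: The new guard `if (!(srv->proxy && srv->proxy->cap & PR_CAP_INT))` relies on `&` binding tighter than `&&`; writing it as `if (!(srv->proxy && (srv->proxy->cap & PR_CAP_INT)))` makes the mask test explicit and harder to misread. A server whose `srv->proxy` is NULL still sets `global.ssl_used_backend`, which looks intentional but is not stated, so the comment could say so, e.g. `/* internal proxies (PR_CAP_INT) always exist, so they must not count towards the SSL memory estimate; servers without a proxy are still counted */`. Presumably any SSL connections that internal proxies open at runtime are then left out of the automatic maxconn sizing, so it is worth confirming that the remaining memory headroom covers them. The body of ssl_sock_prepare_srv_ctx continues past the end of the hunk.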