BUG/MINOR: httpclient: send the SNI using the host header

Generate an SNI expression which uses the Host header of the request.
This is mandatory for most of the SSL servers nowadays.

Must be backported to 2.5 along with the previous patch, which exports
server_parse_sni_expr().
William Lallemand 2022-03-16 15:47:47 +01:00
parent 0d05867e78
commit 71e3158395
1 changed files with 15 additions and 0 deletions


@ -1061,6 +1061,8 @@ static int httpclient_cfg_postparser()
{ {
struct logsrv *logsrv; struct logsrv *logsrv;
struct proxy *curproxy = httpclient_proxy; struct proxy *curproxy = httpclient_proxy;
int err_code = 0;
char *errmsg = NULL;
/* copy logs from "global" log list */ /* copy logs from "global" log list */
list_for_each_entry(logsrv, &global.logsrvs, list) { list_for_each_entry(logsrv, &global.logsrvs, list) {
@ -1089,6 +1091,19 @@ static int httpclient_cfg_postparser()
curproxy->conf.args.file = NULL; curproxy->conf.args.file = NULL;
curproxy->conf.args.line = 0; curproxy->conf.args.line = 0;
} }
#ifdef USE_OPENSSL
/* init the SNI expression */
/* always use the host header as SNI, without the port */
httpclient_srv_ssl->sni_expr = strdup("req.hdr(host),field(1,:)");
err_code |= server_parse_sni_expr(httpclient_srv_ssl, httpclient_proxy, &errmsg);
if (err_code & ERR_CODE) {
ha_alert("httpclient: failed to configure sni: %s.\n", errmsg);
free(errmsg);
goto err;
}
#endif
return 0; return 0;
err: err:
return 1; return 1;
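Review bot: The `strdup()` result assigned to `httpclient_srv_ssl->sni_expr` is never checked, so on allocation failure a NULL expression reaches `server_parse_sni_expr()`, whose handling of that case is not visible here; it may fail with an empty `errmsg` or leave the HTTPS client running without SNI. A guard such as `if (!httpclient_srv_ssl->sni_expr) { ha_alert("httpclient: out of memory.\n"); goto err; }` before the parse call would make the failure explicit. Separately, `field(1,:)` cuts at the first colon, so a bracketed IPv6 literal in the Host header (constructed example: `[2001:db8::1]:8443`) yields `[2001` as the server name; the comment should state that limitation, or the expression should skip IP literals. Because the SNI value comes from a request header, it is also worth confirming outside this hunk that certificate verification checks the same name, since SNI alone does not authenticate the peer. The body of `httpclient_cfg_postparser()` starts and ends outside the hunks shown.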