RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-28 16:40:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

DEBUG: ssl: make sure we never change a servername on established connections

Browse Source 
Since this case was already met previously with commit 655dec81b
("BUG/MINOR: backend: do not set sni on connection reuse"), let's make
sure that we don't change reused connection settings. This could be
generalized to most settings that are only in effect before the handshake
in fact (like set_alpn and a few other ones).
This commit is contained in:
Willy Tarreau 2021-12-23 11:12:13 +01:00
parent 0d93a81863
commit 77bfa66124
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/ssl_sock.c
View File

@ -6604,6 +6604,10 @@ void ssl_sock_set_servername(struct connection *conn, const char *hostname)
if (!conn_is_ssl(conn))
return;
BUG_ON(!(conn->flags & CO_FL_WAIT_L6_CONN));
BUG_ON(!(conn->flags & CO_FL_SSL_WAIT_HS));
ctx = conn->xprt_ctx;
s = __objt_server(conn->target);