RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-05 03:29:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: server: Make 'default-server' support 'ssl' keyword.

Browse Source 
This patch makes 'default-server' directive support 'ssl' setting.
 A new keyword 'no-ssl' has been added to disable this setting both
 in 'server' and 'default-server' directives.
This commit is contained in:
Frdric Lcaille 2017-03-13 11:54:17 +01:00 committed by Willy Tarreau
parent 2cfcdbe58d
commit e381d7699e
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/ssl_sock.c
View File

@ -6588,6 +6588,15 @@ static int srv_parse_no_force_tlsv12(char **args, int *cur_arg, struct proxy *px
#endif
}
/* parse the "no-ssl" server keyword */
static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
{
newsrv->use_ssl = 0;
free(newsrv->ssl_ctx.ciphers);
newsrv->ssl_ctx.ciphers = NULL;
return 0;
}
/* parse the "no-ssl-reuse" server keyword */
static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
{
@ -7472,6 +7481,7 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
{ "no-force-tlsv10", srv_parse_no_force_tlsv10, 0, 1 }, /* do not force TLSv10 */
{ "no-force-tlsv11", srv_parse_no_force_tlsv11, 0, 1 }, /* do not force TLSv11 */
{ "no-force-tlsv12", srv_parse_no_force_tlsv12, 0, 1 }, /* do not force TLSv12 */
{ "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
{ "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
{ "no-sslv3", srv_parse_no_sslv3, 0, 1 }, /* disable SSLv3 */
{ "no-tlsv10", srv_parse_no_tlsv10, 0, 1 }, /* disable TLSv10 */
@ -7481,7 +7491,7 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
{ "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 0 }, /* send PROXY protocol header v2 with SSL info */
{ "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 0 }, /* send PROXY protocol header v2 with CN */
{ "sni", srv_parse_sni, 1, 0 }, /* send SNI extension */
{ "ssl", srv_parse_ssl, 0, 0 }, /* enable SSL processing */
{ "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
{ "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
{ "sslv3", srv_parse_sslv3, 0, 1 }, /* enable SSLv3 */
{ "tlsv10", srv_parse_tlsv10, 0, 1 }, /* enable TLSv10 */