mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-01-22 13:32:44 +00:00
f63704488e
in the context of a progressive backend migration, we want to be able to activate SSL on outgoing connections to the server at runtime without reloading. This patch adds a `set server ssl` command; in order to allow that: - add `srv_use_ssl` to `show servers state` command for compatibility, also update associated parsing - when using default-server ssl setting, and `no-ssl` on server line, init SSL ctx without activating it - when triggering ssl API, de/activate SSL connections as requested - clean ongoing connections as it is done for addr/port changes, without checking prior server state example config: backend be_foo default-server ssl server srv0 127.0.0.1:6011 weight 1 no-ssl show servers state: 5 be_foo 1 srv0 127.0.0.1 2 0 1 1 15 1 0 4 0 0 0 0 - 6011 - -1 where srv0 can switch to ssl later during the runtime: set server be_foo/srv0 ssl on 5 be_foo 1 srv0 127.0.0.1 2 0 1 1 15 1 0 4 0 0 0 0 - 6011 - 1 Also update existing tests and create a new one. Signed-off-by: William Dauchy <wdauchy@gmail.com> |
||
|---|---|---|
| .. | ||
| 1be_40srv_odd_health_checks.vtc | ||
| 4be_1srv_health_checks.vtc | ||
| 4be_1srv_smtpchk_httpchk_layer47errors.vtc | ||
| 40be_2srv_odd_health_checks.vtc | ||
| agent-check.vtc | ||
| common.pem | ||
| http-check-expect.vtc | ||
| http-check-send.vtc | ||
| http-check.vtc | ||
| http-monitor-uri.vtc | ||
| ldap-check.vtc | ||
| mysql-check.vtc | ||
| pgsql-check.vtc | ||
| redis-check.vtc | ||
| smtp-check.vtc | ||
| spop-check.vtc | ||
| ssl-hello-check.vtc | ||
| tcp-check_min-recv.vtc | ||
| tcp-check_multiple_ports.vtc | ||
| tcp-check-ssl.vtc | ||
| tcp-checks-socks4.vtc | ||
| tls_health_checks.vtc | ||