haproxy/doc
William Dauchy a087f87875 BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl
While giving a fresh try to `set server ssl` (which I wrote), I realised
the behavior is a bit inconsistent. Indeed when using this command over
a server with ssl enabled for the data path but also for the health
check path we have:

- data and health check done using tls
- emit `set server be_foo/srv0 ssl off`
- data path and health check path become plain text
- emit `set server be_foo/srv0 ssl on`
- data path becomes tls and health check path remains plain text

while I thought the end result would be:
- data path and health check path come back in tls

In the current code we indeed erase all connections while deactivating,
but restore only the data path while activating.  I made this mistake in
the past because I was testing with a case where the health check was
plain text by default.

There are several ways to solve this issue. The cleanest one would
probably be to avoid changing the health check connection when we use
`set server ssl` command, and create a new command `set server
ssl-check` to change this. For now I assumed this would be ok to simply
avoid changing the health check path and be more consistent.

This patch tries to address that and also update the documentation. It
should not break the existing usage with health check on plain text, as
in this case they should have `no-check-ssl` in defaults.  Without this
patch, it makes the command unusable in an env where you have a list of
servers to add along the way with initial `server-template`, and all
using tls for data and healthcheck path.

For 2.6 we should probably reconsider and add `set server ssl-check`
command for better granularity of cases.

If this solution is accepted, this patch should be backported up to >=
2.4.

The alternative solution was to restore the previous state, but I
believe this will create even more confusion in the future.

Signed-off-by: William Dauchy <wdauchy@gmail.com>
2022-01-18 12:05:17 +01:00
..
design-thoughts
internals DOC: internals: document the pools architecture and API 2022-01-11 14:51:41 +01:00
lua-api DOC: lua: documentation about the httpclient API 2021-11-19 16:06:23 +01:00
51Degrees-device-detection.txt CONTRIB: move 51Degrees to addons/51degrees 2021-04-02 17:48:42 +02:00
acl.fig
architecture.txt DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments 2021-05-09 06:50:46 +02:00
close-options.txt MINOR: config: reject long-deprecated "option forceclose" 2021-06-11 16:57:34 +02:00
coding-style.txt DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments 2021-05-09 06:50:46 +02:00
configuration.txt MINOR: proxy: add option idle-close-on-response 2022-01-06 09:09:51 +01:00
cookie-options.txt
DeviceAtlas-device-detection.txt CONTRIB: move src/da.c and contrib/deviceatlas to addons/deviceatlas 2021-04-02 17:48:42 +02:00
gpl.txt
haproxy.1 DOC: add description of pidfile in master-worker mode 2020-08-26 18:40:53 +02:00
intro.txt [RELEASE] Released version 2.6-dev0 2021-11-23 15:50:11 +01:00
lgpl.txt
linux-syn-cookies.txt
lua.txt [RELEASE] Released version 2.4-dev19 2021-05-10 07:50:26 +02:00
management.txt BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl 2022-01-18 12:05:17 +01:00
netscaler-client-ip-insertion-protocol.txt
network-namespaces.txt
peers-v2.0.txt DOC: peers: fix the protocol tag name in the doc 2021-05-09 06:38:07 +02:00
peers.txt DOC/peers: some grammar fixes for peers 2.1 spec 2021-11-02 17:28:43 +01:00
proxy-protocol.txt DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments 2021-05-09 06:50:46 +02:00
queuing.fig
regression-testing.txt DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments 2021-05-09 06:50:46 +02:00
seamless_reload.txt
SOCKS4.protocol.txt
SPOE.txt DOC: spoe: Clarify use of the event directive in spoe-message section 2021-12-03 10:18:11 +01:00
WURFL-device-detection.txt CONTRIB: move src/wurfl.c and contrib/wurfl to addons/wurfl 2021-04-02 17:48:42 +02:00