MINOR: ssl: support ssl keyword for dynamic servers

Activate the 'ssl' keyword for dynamic servers. This is the final step to have ssl dynamic servers feature implemented. If activated, ssl_sock_prepare_srv_ctx will be called at the end of the 'add server' CLI handler. At the same time, update the management doc to list all ssl keywords implemented for dynamic servers.
2021-05-19 09:49:41 +02:00 · 2021-05-19 09:49:41 +02:00 · 34897d2eff
commit 34897d2eff
parent 71f9a06e4b
3 changed files with 29 additions and 1 deletions
--- a/doc/management.txt
+++ b/doc/management.txt
@ -1472,13 +1472,25 @@ add server <backend>/<server> [args]*

  Here is the list of the currently supported keywords :

+  - allow-0rtt
+  - alpn
  - backup
+  - ca-file
+  - ciphers
+  - ciphersuites
+  - crl-file
+  - crt
  - disabled
  - enabled
+  - force-sslv3/tlsv10/tlsv11/tlsv12/tlsv13
  - id
  - maxconn
  - maxqueue
  - minconn
+  - no-ssl-reuse
+  - no-sslv3/tlsv10/tlsv11/tlsv12/tlsv13
+  - no-tls-tickets
+  - npn
  - pool-low-conn
  - pool-max-conn
  - pool-purge-delay
@ -1486,9 +1498,18 @@ add server <backend>/<server> [args]*
  - proxy-v2-options
  - send-proxy
  - send-proxy-v2
+  - send-proxy-v2-ssl
+  - send-proxy-v2-ssl-cn
+  - sni
  - source
+  - ssl
+  - ssl-max-ver
+  - ssl-min-ver
  - tfo
+  - tls-tickets
  - usesrc
+  - verify
+  - verifyhost
  - weight

  Their syntax is similar to the server line from the configuration file,
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@ -1911,7 +1911,7 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
 	{ "send-proxy-v2-ssl",       srv_parse_send_proxy_ssl,     0, 1, 1 }, /* send PROXY protocol header v2 with SSL info */
 	{ "send-proxy-v2-ssl-cn",    srv_parse_send_proxy_cn,      0, 1, 1 }, /* send PROXY protocol header v2 with CN */
 	{ "sni",                     srv_parse_sni,                1, 1, 1 }, /* send SNI extension */
-	{ "ssl",                     srv_parse_ssl,                0, 1, 0 }, /* enable SSL processing */
+	{ "ssl",                     srv_parse_ssl,                0, 1, 1 }, /* enable SSL processing */
 	{ "ssl-min-ver",             srv_parse_tls_method_minmax,  1, 1, 1 }, /* minimum version */
 	{ "ssl-max-ver",             srv_parse_tls_method_minmax,  1, 1, 1 }, /* maximum version */
 	{ "ssl-reuse",               srv_parse_ssl_reuse,          0, 1, 0 }, /* enable session reuse */
--- a/src/server.c
+++ b/src/server.c
@ -4491,6 +4491,13 @@ static int cli_parse_add_server(char **args, char *payload, struct appctx *appct
 		goto out;
 	}

+	if (srv->use_ssl == 1) {
+		if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv) {
+			if (xprt_get(XPRT_SSL)->prepare_srv(srv))
+				goto out;
+		}
+	}
+
 	/* Attach the server to the end of the proxy linked list. Note that this
 	 * operation is not thread-safe so this is executed under thread
 	 * isolation.