MINOR: ssl: support ssl keyword for dynamic servers
Activate the 'ssl' keyword for dynamic servers. This is the final step
in implementing the ssl dynamic servers feature. When the keyword is
set, ssl_sock_prepare_srv_ctx will be called at the end of the
'add server' CLI handler.
At the same time, update the management doc to list all ssl keywords
implemented for dynamic servers.
diff --git a/doc/management.txt b/doc/management.txt
index 932981b..7abfc85 100644
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -1472,13 +1472,25 @@
Here is the list of the currently supported keywords :
+ - allow-0rtt
+ - alpn
- backup
+ - ca-file
+ - ciphers
+ - ciphersuites
+ - crl-file
+ - crt
- disabled
- enabled
+ - force-sslv3/tlsv10/tlsv11/tlsv12/tlsv13
- id
- maxconn
- maxqueue
- minconn
+ - no-ssl-reuse
+ - no-sslv3/tlsv10/tlsv11/tlsv12/tlsv13
+ - no-tls-tickets
+ - npn
- pool-low-conn
- pool-max-conn
- pool-purge-delay
@@ -1486,9 +1498,18 @@
- proxy-v2-options
- send-proxy
- send-proxy-v2
+ - send-proxy-v2-ssl
+ - send-proxy-v2-ssl-cn
+ - sni
- source
+ - ssl
+ - ssl-max-ver
+ - ssl-min-ver
- tfo
+ - tls-tickets
- usesrc
+ - verify
+ - verifyhost
- weight
Their syntax is similar to the server line from the configuration file,
diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 7aa8efa..6df5911 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -1911,7 +1911,7 @@
{ "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1, 1 }, /* send PROXY protocol header v2 with SSL info */
{ "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1, 1 }, /* send PROXY protocol header v2 with CN */
{ "sni", srv_parse_sni, 1, 1, 1 }, /* send SNI extension */
- { "ssl", srv_parse_ssl, 0, 1, 0 }, /* enable SSL processing */
+ { "ssl", srv_parse_ssl, 0, 1, 1 }, /* enable SSL processing */
{ "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1, 1 }, /* minimum version */
{ "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1, 1 }, /* maximum version */
{ "ssl-reuse", srv_parse_ssl_reuse, 0, 1, 0 }, /* enable session reuse */
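Review bot: The `ssl-reuse` entry just below the changed line still ends in `0`, while the documentation hunk in this commit lists `no-ssl-reuse` as supported for dynamic servers. Assuming the last column is the dynamic-server flag, as this change implies, a server added at runtime can disable session reuse but cannot spell out the enabled form. If that is deliberate, a short comment on the `ssl-reuse` line such as `/* not allowed on dynamic servers */` would record it. The positional `0, 1, 1` fields are also hard to audit, so a one-line comment above the table naming the columns would make flips like this one easier to review. The table starts and ends outside the hunk.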
diff --git a/src/server.c b/src/server.c
index 4a4c3c8..96390e8 100644
--- a/src/server.c
+++ b/src/server.c
@@ -4491,6 +4491,13 @@
goto out;
}
+ if (srv->use_ssl == 1) {
+ if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv) {
+ if (xprt_get(XPRT_SSL)->prepare_srv(srv))
+ goto out;
+ }
+ }
+
/* Attach the server to the end of the proxy linked list. Note that this
* operation is not thread-safe so this is executed under thread
* isolation.
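Review bot: The added block fails open when `srv->use_ssl == 1` but `xprt_get(XPRT_SSL)` returns NULL or has no `prepare_srv`: the inner conditions are skipped and execution falls through to attaching the server without its SSL context having been prepared. Treat a missing transport as a failure too, by fetching the transport once into a local `xprt` and using `if (!xprt || !xprt->prepare_srv || xprt->prepare_srv(srv)) goto out;`, which also removes the three repeated lookups. The `goto out` taken when `prepare_srv` fails sets no message in the visible lines, so the CLI user may get no explanation of why the TLS server was rejected; whether the `out` path reports one lies outside the hunk and should be checked. The enclosing handler starts and ends outside the hunk.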