MEDIUM: checks: Implement ssl-hello check using tcp-check rules
A shared tcp-check ruleset is now created to support ssl-hello check. This way
no extra memory is used if several backends use a ssl-hello check.
The following sequence is used :
tcp-check send-binary SSLV3_CLIENT_HELLO log-format
tcp-check expect rbinary "^1[56]" min-recv 5 \
error-status "L6RSP" tout-status "L6TOUT"
SSLV3_CLIENT_HELLO is a log-format hexa string representing a SSLv3 CLIENT HELLO
packet. It is the same than the one used by the old ssl-hello except the sample
expression "%[date(),htonl,hex]" is used to set the date field.
diff --git a/include/types/checks.h b/include/types/checks.h
index b5f4649..4830f0d 100644
--- a/include/types/checks.h
+++ b/include/types/checks.h
@@ -313,6 +313,7 @@
#define TCPCHK_RULES_DEF 0x00000002 /* Ruleset inherited from the default section */
#define TCPCHK_RULES_REDIS_CHK 0x00000020
+#define TCPCHK_RULES_SSL3_CHK 0x00000070
/* A list of tcp-check vars, to be registered before executing a ruleset */
struct tcpcheck_var {