BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks
Lasse Birnbaum Jensen reported an issue when agent checks are used at the same
time as standard healthchecks when SSL is enabled on the server side.
The symptom is that agent checks try to communicate in SSL while it should
manage raw data. This happens because the transport layer is shared between all
kind of checks.
To fix the issue, the transport layer is now stored in each check type,
allowing to use SSL healthchecks when required, while an agent check should
always use the raw_sock implementation.
The fix must be backported to 1.5.
diff --git a/src/checks.c b/src/checks.c
index 15a3c40..5dc95b2 100644
--- a/src/checks.c
+++ b/src/checks.c
@@ -1419,7 +1419,7 @@
/* prepare a new connection */
conn_init(conn);
- conn_prepare(conn, s->check_common.proto, s->check_common.xprt);
+ conn_prepare(conn, s->check_common.proto, check->xprt);
conn_attach(conn, check, &check_conn_cb);
conn->target = &s->obj_type;
diff --git a/src/server.c b/src/server.c
index fdb63cc..94a31b6 100644
--- a/src/server.c
+++ b/src/server.c
@@ -929,7 +929,7 @@
newsrv->addr = *sk;
newsrv->proto = newsrv->check_common.proto = protocol_by_family(newsrv->addr.ss_family);
- newsrv->xprt = newsrv->check_common.xprt = &raw_sock;
+ newsrv->xprt = newsrv->check.xprt = newsrv->agent.xprt = &raw_sock;
if (!newsrv->proto) {
Alert("parsing [%s:%d] : Unknown protocol family %d '%s'\n",
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e8a3df9..a8b4ea8 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1825,7 +1825,7 @@
if (srv->use_ssl)
srv->xprt = &ssl_sock;
if (srv->check.use_ssl)
- srv->check_common.xprt = &ssl_sock;
+ srv->check.xprt = &ssl_sock;
srv->ssl_ctx.ctx = SSL_CTX_new(SSLv23_client_method());
if (!srv->ssl_ctx.ctx) {