Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / bcaf1d7397c7c27081821fb35153776eccf12ef2^! / .
commitbcaf1d7397c7c27081821fb35153776eccf12ef2[log] [tgz]
authorFrédéric Lécaille <flecaille@haproxy.com>Wed Mar 15 16:20:02 2017 +0100
committerWilly Tarreau <w@1wt.eu>Mon Mar 27 14:37:01 2017 +0200
treed1586880da4ce4ba4f0c48ca1d411cf7e6182128
parent9d1b95b5917fe0778f8e63fd3aeb8f7185f429d1 [diff]
MINOR: server: Make 'default-server' support 'ciphers' keyword.

This patch makes 'default-server' directive support 'ciphers' setting.

diff --git a/src/server.c b/src/server.c
index 3ae0632..2bba49f 100644
--- a/src/server.c
+++ b/src/server.c

@@ -1431,6 +1431,8 @@
 			newsrv->ssl_ctx.verify = curproxy->defsrv.ssl_ctx.verify;
 			if (curproxy->defsrv.ssl_ctx.verify_host != NULL)
 				newsrv->ssl_ctx.verify_host = strdup(curproxy->defsrv.ssl_ctx.verify_host);
+			if (curproxy->defsrv.ssl_ctx.ciphers != NULL)
+				newsrv->ssl_ctx.ciphers = strdup(curproxy->defsrv.ssl_ctx.ciphers);
 #endif
 
 			cur_arg = 3;

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 72b3259..9d85eac 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -7487,7 +7487,7 @@
 static struct srv_kw_list srv_kws = { "SSL", { }, {
 	{ "ca-file",                 srv_parse_ca_file,           1, 1 }, /* set CAfile to process verify server cert */
 	{ "check-ssl",               srv_parse_check_ssl,         0, 1 }, /* enable SSL for health checks */
-	{ "ciphers",                 srv_parse_ciphers,           1, 0 }, /* select the cipher suite */
+	{ "ciphers",                 srv_parse_ciphers,           1, 1 }, /* select the cipher suite */
 	{ "crl-file",                srv_parse_crl_file,          1, 1 }, /* set certificate revocation list file use on server cert verify */
 	{ "crt",                     srv_parse_crt,               1, 1 }, /* set client certificate */
 	{ "force-sslv3",             srv_parse_force_sslv3,       0, 1 }, /* force SSLv3 */