commit e892c4c6702bf2e5ab4b0683c63343e42c8b818c
author Frédéric Lécaille <flecaille@haproxy.com> Mon Mar 13 12:08:01 2017 +0100
committer Willy Tarreau <w@1wt.eu> Mon Mar 27 14:37:01 2017 +0200
tree 05d7e2bc3774cb691f9eccc1043d6e15b5566740
parent e381d7699eae5ec77c4ee9f9f2f77bd5f8c15fa7

MINOR: server: Make 'default-server' support 'send-proxy-v2-ssl*' keywords.

This patch makes 'default-server' directive support 'send-proxy-v2-ssl'
(resp. 'send-proxy-v2-ssl-cn') setting.
A new keyword 'no-send-proxy-v2-ssl' (resp. 'no-send-proxy-v2-ssl-cn') has been
added to disable 'send-proxy-v2-ssl' (resp. 'send-proxy-v2-ssl-cn') setting both
in 'server' and 'default-server' directives.

src/ssl_sock.c

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 3d1e444..41b967e 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6588,6 +6588,23 @@
 #endif
 }
 
+/* parse the "no-send-proxy-v2-ssl" server keyword */
+static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
+{
+	newsrv->pp_opts &= ~SRV_PP_V2;
+	newsrv->pp_opts &= ~SRV_PP_V2_SSL;
+	return 0;
+}
+
+/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
+static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
+{
+	newsrv->pp_opts &= ~SRV_PP_V2;
+	newsrv->pp_opts &= ~SRV_PP_V2_SSL;
+	newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
+	return 0;
+}
+
 /* parse the "no-ssl" server keyword */
 static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
 {
@@ -7481,6 +7498,8 @@
 	{ "no-force-tlsv10",       srv_parse_no_force_tlsv10, 0, 1 }, /* do not force TLSv10 */
 	{ "no-force-tlsv11",       srv_parse_no_force_tlsv11, 0, 1 }, /* do not force TLSv11 */
 	{ "no-force-tlsv12",       srv_parse_no_force_tlsv12, 0, 1 }, /* do not force TLSv12 */
+	{ "no-send-proxy-v2-ssl",    srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
+	{ "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn,  0, 1 }, /* do not send PROXY protocol header v2 with CN */
 	{ "no-ssl",                srv_parse_no_ssl,          0, 1 }, /* disable SSL processing */
 	{ "no-ssl-reuse",          srv_parse_no_ssl_reuse,    0, 1 }, /* disable session reuse */
 	{ "no-sslv3",              srv_parse_no_sslv3,        0, 1 }, /* disable SSLv3 */
@@ -7488,8 +7507,8 @@
 	{ "no-tlsv11",             srv_parse_no_tlsv11,       0, 1 }, /* disable TLSv11 */
 	{ "no-tlsv12",             srv_parse_no_tlsv12,       0, 1 }, /* disable TLSv12 */
 	{ "no-tls-tickets",        srv_parse_no_tls_tickets,  0, 1 }, /* disable session resumption tickets */
-	{ "send-proxy-v2-ssl",     srv_parse_send_proxy_ssl,  0, 0 }, /* send PROXY protocol header v2 with SSL info */
-	{ "send-proxy-v2-ssl-cn",  srv_parse_send_proxy_cn,   0, 0 }, /* send PROXY protocol header v2 with CN */
+	{ "send-proxy-v2-ssl",     srv_parse_send_proxy_ssl,  0, 1 }, /* send PROXY protocol header v2 with SSL info */
+	{ "send-proxy-v2-ssl-cn",  srv_parse_send_proxy_cn,   0, 1 }, /* send PROXY protocol header v2 with CN */
 	{ "sni",                   srv_parse_sni,             1, 0 }, /* send SNI extension */
 	{ "ssl",                   srv_parse_ssl,             0, 1 }, /* enable SSL processing */
 	{ "ssl-reuse",             srv_parse_ssl_reuse,       0, 1 }, /* enable session reuse */