Hello,

This patchset is an attempt to add a new command to configure ssl on server at runtime:
- the first patch is a simple preparation work
- the second one is adding the new command. Now that I understand how ssl backend connections are initialized, I change it to: init SSL connection at startup. The command is only here to de/activate the SSL connection.

remaining point for another patchset:
- to follow up the work done on `show stats` with weight done by Willy, I am thinking to display use_ssl in that command as well, completely removing the use of `show servers state` for our own use case. As stated by Willy, we however need to make sure not to display this information in all cases as the stats page could be often public.

---
changed in v2:
- patch1/4: reorder parameters to match format string
- patch3/4: reorder includes, error introduced while splitting my patch.

changed in v3:
- reorg to allow build without USE_OPENSSL

changed in v4:
- init SSL ctx at process startup as it could not work because SSL functions are accessing filesystem
- slightly change no-ssl keyword behaviour to allow SSL connection init, when being used with a default-server ssl setting

changed in v5:
- improve commit message of patch 1/2
- add test for the new set server ssl command

William Dauchy (2):
  MINOR: ssl: create common ssl_ctx init
  MEDIUM: cli/ssl: configure ssl on server at runtime

 doc/configuration.txt                         |  4 ++
 doc/management.txt                            |  4 ++
 include/haproxy/server-t.h                    |  7 ++-
 include/haproxy/ssl_sock.h                    |  1 +
 .../checks/1be_40srv_odd_health_checks.vtc    |  2 +-
 .../checks/40be_2srv_odd_health_checks.vtc    |  2 +-
 reg-tests/checks/4be_1srv_health_checks.vtc   |  6 +-
 reg-tests/server/cli_set_ssl.vtc              | 54 +++++++++++++++++
 src/cfgparse-ssl.c                            | 59 +++++++++----------
 src/cfgparse.c                                |  9 ++-
 src/proxy.c                                   |  5 +-
 src/server.c                                  | 41 ++++++++++++-
 src/ssl_sock.c                                | 17 ++++++
 13 files changed, 165 insertions(+), 46 deletions(-)
 create mode 100644 reg-tests/server/cli_set_ssl.vtc

-- 
2.29.2