On Sat, Nov 14, 2020 at 07:25:31PM +0100, William Dauchy wrote: > Hello, > > This patchset is an attempt to add a new command for configure ssl on > server at runtime: > > - the first patch is a simple preparation work > - the second one is adding the new command. Now that I understand how > ssl backend connections are initialized, I change it to: init SSL > connection at startup. The command is only here to de/activate the SSL > connection. > > remaining point for another patchset: > - to follow up the work done on `show stats` with weight done by Willy, > I am thinking to display use_ssl in that command as well, completely > removing the use of `show servers state` for our own use case. As > stated by Willy, we however need to make sure not to display this > information in all cases as the stats page could be often public. > > --- > changed in v2: > - patch1/4: reorder parameters to match format string > - patch3/4: reorder includes, error introduced while splitting my patch. > > changed in v3: > - reorg to allow build without USE_OPENSSL > > changed in v4: > - init SSL ctx at process startup at it could not work because SSL > functions are accessing filesystem > - slightly change no-ssl keyword behaviour to allow SSL connection init, > when being used with a default-server ssl setting > > changed in v5: > - improve commit message of patch 1/2 > - add test for the new set server ssl command > > William Dauchy (2): > MINOR: ssl: create common ssl_ctx init > MEDIUM: cli/ssl: configure ssl on server at runtime > > doc/configuration.txt | 4 ++ > doc/management.txt | 4 ++ > include/haproxy/server-t.h | 7 ++- > include/haproxy/ssl_sock.h | 1 + > .../checks/1be_40srv_odd_health_checks.vtc | 2 +- > .../checks/40be_2srv_odd_health_checks.vtc | 2 +- > reg-tests/checks/4be_1srv_health_checks.vtc | 6 +- > reg-tests/server/cli_set_ssl.vtc | 54 +++++++++++++++++ > src/cfgparse-ssl.c | 59 +++++++++---------- > src/cfgparse.c | 9 ++- > src/proxy.c | 5 +- > src/server.c | 41 ++++++++++++- > src/ssl_sock.c | 17 ++++++ > 13 files changed, 165 insertions(+), 46 deletions(-) > create mode 100644 reg-tests/server/cli_set_ssl.vtc >
Thanks, now merged. -- William Lallemand