Re: [PATCH v5 0/2] add set server ssl command

Wed, 18 Nov 2020 08:24:08 -0800 

On Sat, Nov 14, 2020 at 07:25:31PM +0100, William Dauchy wrote:
> Hello,
> 
> This patchset is an attempt to add a new command for configure ssl on
> server at runtime:
> 
> - the first patch is a simple preparation work
> - the second one is adding the new command. Now that I understand how
>   ssl backend connections are initialized, I change it to: init SSL
>   connection at startup. The command is only here to de/activate the SSL
>   connection.
> 
> remaining point for another patchset:
> - to follow up the work done on `show stats` with weight done by Willy,
>   I am thinking to display use_ssl in that command as well, completely
>   removing the use of `show servers state` for our own use case. As
>   stated by Willy, we however need to make sure not to display this
>   information in all cases as the stats page could be often public.
> 
> ---
> changed in v2:
> - patch1/4: reorder parameters to match format string
> - patch3/4: reorder includes, error introduced while splitting my patch.
> 
> changed in v3:
> - reorg to allow build without USE_OPENSSL
> 
> changed in v4:
> - init SSL ctx at process startup at it could not work because SSL
>   functions are accessing filesystem
> - slightly change no-ssl keyword behaviour to allow SSL connection init,
>   when being used with a default-server ssl setting
> 
> changed in v5:
> - improve commit message of patch 1/2
> - add test for the new set server ssl command
> 
> William Dauchy (2):
>   MINOR: ssl: create common ssl_ctx init
>   MEDIUM: cli/ssl: configure ssl on server at runtime
> 
>  doc/configuration.txt                         |  4 ++
>  doc/management.txt                            |  4 ++
>  include/haproxy/server-t.h                    |  7 ++-
>  include/haproxy/ssl_sock.h                    |  1 +
>  .../checks/1be_40srv_odd_health_checks.vtc    |  2 +-
>  .../checks/40be_2srv_odd_health_checks.vtc    |  2 +-
>  reg-tests/checks/4be_1srv_health_checks.vtc   |  6 +-
>  reg-tests/server/cli_set_ssl.vtc              | 54 +++++++++++++++++
>  src/cfgparse-ssl.c                            | 59 +++++++++----------
>  src/cfgparse.c                                |  9 ++-
>  src/proxy.c                                   |  5 +-
>  src/server.c                                  | 41 ++++++++++++-
>  src/ssl_sock.c                                | 17 ++++++
>  13 files changed, 165 insertions(+), 46 deletions(-)
>  create mode 100644 reg-tests/server/cli_set_ssl.vtc
> 

Thanks, now merged.

-- 
William Lallemand

Reply via email to