MINOR: ssl: support ssl keyword for dynamic servers

Activate the 'ssl' keyword for dynamic servers. This is the final step
to have ssl dynamic servers feature implemented. If activated,
ssl_sock_prepare_srv_ctx will be called at the end of the 'add server'
CLI handler.

At the same time, update the management doc to list all ssl keywords
implemented for dynamic servers.

diff --git a/doc/management.txt b/doc/management.txt
index 932981b..7abfc85 100644 (file)
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -1472,13 +1472,25 @@ add server <backend>/<server> [args]*
 
   Here is the list of the currently supported keywords :
 
+  - allow-0rtt
+  - alpn
   - backup
+  - ca-file
+  - ciphers
+  - ciphersuites
+  - crl-file
+  - crt
   - disabled
   - enabled
+  - force-sslv3/tlsv10/tlsv11/tlsv12/tlsv13
   - id
   - maxconn
   - maxqueue
   - minconn
+  - no-ssl-reuse
+  - no-sslv3/tlsv10/tlsv11/tlsv12/tlsv13
+  - no-tls-tickets
+  - npn
   - pool-low-conn
   - pool-max-conn
   - pool-purge-delay
@@ -1486,9 +1498,18 @@ add server <backend>/<server> [args]*
   - proxy-v2-options
   - send-proxy
   - send-proxy-v2
+  - send-proxy-v2-ssl
+  - send-proxy-v2-ssl-cn
+  - sni
   - source
+  - ssl
+  - ssl-max-ver
+  - ssl-min-ver
   - tfo
+  - tls-tickets
   - usesrc
+  - verify
+  - verifyhost
   - weight
 
   Their syntax is similar to the server line from the configuration file,

diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 7aa8efa..6df5911 100644 (file)
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -1911,7 +1911,7 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
        { "send-proxy-v2-ssl",       srv_parse_send_proxy_ssl,     0, 1, 1 }, /* send PROXY protocol header v2 with SSL info */
        { "send-proxy-v2-ssl-cn",    srv_parse_send_proxy_cn,      0, 1, 1 }, /* send PROXY protocol header v2 with CN */
        { "sni",                     srv_parse_sni,                1, 1, 1 }, /* send SNI extension */
-       { "ssl",                     srv_parse_ssl,                0, 1, 0 }, /* enable SSL processing */
+       { "ssl",                     srv_parse_ssl,                0, 1, 1 }, /* enable SSL processing */
        { "ssl-min-ver",             srv_parse_tls_method_minmax,  1, 1, 1 }, /* minimum version */
        { "ssl-max-ver",             srv_parse_tls_method_minmax,  1, 1, 1 }, /* maximum version */
        { "ssl-reuse",               srv_parse_ssl_reuse,          0, 1, 0 }, /* enable session reuse */

diff --git a/src/server.c b/src/server.c
index 4a4c3c8..96390e8 100644 (file)
--- a/src/server.c
+++ b/src/server.c
@@ -4491,6 +4491,13 @@ static int cli_parse_add_server(char **args, char *payload, struct appctx *appct
                goto out;
        }
 
+       if (srv->use_ssl == 1) {
+               if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv) {
+                       if (xprt_get(XPRT_SSL)->prepare_srv(srv))
+                               goto out;
+               }
+       }
+
        /* Attach the server to the end of the proxy linked list. Note that this
         * operation is not thread-safe so this is executed under thread
         * isolation.