DEBUG: ssl: make sure we never change a servername on established connections

Since this case was already met previously with commit 655dec81b
("BUG/MINOR: backend: do not set sni on connection reuse"), let's make
sure that we don't change reused connection settings. This could be
generalized to most settings that are only in effect before the handshake
in fact (like set_alpn and a few other ones).

(cherry picked from commit 77bfa66124e8532a4ecbe5025657574bb43b7160)
[wt: it's not enabled in default builds thus is safe to backport; it may
 help sort out certain future bug reports in field]
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index f000df7..c8f79b6 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6581,6 +6581,10 @@ void ssl_sock_set_servername(struct connection *conn, const char *hostname)
 
        if (!conn_is_ssl(conn))
                return;
+
+       BUG_ON(!(conn->flags & CO_FL_WAIT_L6_CONN));
+       BUG_ON(!(conn->flags & CO_FL_SSL_WAIT_HS));
+
        ctx = conn->xprt_ctx;
        s = __objt_server(conn->target);