BUG/MINOR: server: Update healthcheck when server settings are changed via CLI

not all changes are concerned. But when the SSL is enabled or disabled for a
server, the healthcheck xprt must be eventually be updated too. This happens
when the healthcheck relies on the server settings.

In the same spirit, when the healthcheck address and port are updated, we
must fallback on the raw xprt if the SSL is not explicitly enabled for the
healthcheck with a "check-ssl" parameter.

This patch should be backported to all stable versions.

(cherry picked from commit a97bd0f50520b8f70fe0d543a6be863b4b84ac9d)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit fb289e8492da7859c43ecb7f4307e0ebfe2c5b80)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 7015fbf066d155b4df9d769c2b348e7038aa7df9)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

diff --git a/src/server.c b/src/server.c
index 62703ea..271ad2e 100644 (file)
--- a/src/server.c
+++ b/src/server.c
@@ -2660,6 +2660,9 @@ int srv_set_ssl(struct server *s, int use_ssl)
                }
                s->xprt = xprt_get(XPRT_RAW);
        }
+       /* Check if we must rely on the server XPRT for the health-check */
+       if (!s->check.port && !is_addr(&s->check.addr) && !s->check.use_ssl)
+               s->check.xprt = s->xprt;
 
        return 0;
 }
@@ -4347,6 +4350,10 @@ out:
                        s->check.addr = sk;
                if (port)
                        s->check.port = new_port;
+
+               /* Fallback to raw XPRT for the health-check */
+               if (!s->check.use_ssl)
+                       s->check.xprt = xprt_get(XPRT_RAW);
        }
        return NULL;
 }