BUG/MEDIUM: server: do not use default SNI if manually set

A new server feature "sni-auto" has been introduced recently. The objective is to automatically set the SNI value to the host header if no SNI is explicitely set. 668916c1a2 MEDIUM: server/ssl: Base the SNI value to the HTTP host header by default There is an issue with it : server SNI is currently always overwritten, even if explicitely set in the configuration file. Adjust check_config_validity() to ensure the default value is only used if <sni_expr> is NULL. This issue was detected as a memory leak on <sni_expr> was reported when SNI is explicitely set on a server line. This patch is related to github feature request #3081. No need to backport, unless the above patch is.
2026-04-15 21:59:41 -04:00 · 2025-11-24 11:30:19 +01:00 · 2025-11-24 11:30:19 +01:00 · 2829165f61
commit 2829165f61
parent 5dbf06e205
1 changed files with 3 additions and 2 deletions
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@ -3851,10 +3851,11 @@ out_uri_auth_compat:
 			}

 			if (newsrv->use_ssl == 1 || ((newsrv->flags & SRV_F_DEFSRV_USE_SSL) && newsrv->use_ssl != 1)) {
-				/* In HTTP only, if the SNI not set and we can realy on the host
+				/* In HTTP only, if the SNI is not set and we can rely on the host
 				 * header value, fill the sni expression accordingly
 				 */
-				if (newsrv->proxy->mode == PR_MODE_HTTP && !(newsrv->ssl_ctx.options & SRV_SSL_O_NO_AUTO_SNI)) {
+				if (!newsrv->sni_expr && newsrv->proxy->mode == PR_MODE_HTTP &&
+				    !(newsrv->ssl_ctx.options & SRV_SSL_O_NO_AUTO_SNI)) {
 					newsrv->sni_expr = strdup("req.hdr(host),field(1,:)");

 					err = NULL;