diff --git a/doc/management.txt b/doc/management.txt index a71307169..254f604e7 100644 --- a/doc/management.txt +++ b/doc/management.txt @@ -1507,8 +1507,11 @@ add server / [args]* - backup - ca-file - check + - check-alpn - check-proto - check-send-proxy + - check-sni + - check-ssl - check-via-socks4 - ciphers - ciphersuites diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c index 0ca8cab31..09bcc64f7 100644 --- a/src/cfgparse-ssl.c +++ b/src/cfgparse-ssl.c @@ -1887,9 +1887,9 @@ static struct srv_kw_list srv_kws = { "SSL", { }, { { "allow-0rtt", srv_parse_allow_0rtt, 0, 1, 1 }, /* Allow using early data on this server */ { "alpn", srv_parse_alpn, 1, 1, 1 }, /* Set ALPN supported protocols */ { "ca-file", srv_parse_ca_file, 1, 1, 1 }, /* set CAfile to process verify server cert */ - { "check-alpn", srv_parse_check_alpn, 1, 1, 0 }, /* Set ALPN used for checks */ - { "check-sni", srv_parse_check_sni, 1, 1, 0 }, /* set SNI */ - { "check-ssl", srv_parse_check_ssl, 0, 1, 0 }, /* enable SSL for health checks */ + { "check-alpn", srv_parse_check_alpn, 1, 1, 1 }, /* Set ALPN used for checks */ + { "check-sni", srv_parse_check_sni, 1, 1, 1 }, /* set SNI */ + { "check-ssl", srv_parse_check_ssl, 0, 1, 1 }, /* enable SSL for health checks */ { "ciphers", srv_parse_ciphers, 1, 1, 1 }, /* select the cipher suite */ #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES { "ciphersuites", srv_parse_ciphersuites, 1, 1, 1 }, /* select the cipher suite */ diff --git a/src/server.c b/src/server.c index a39569ea1..96c71fb51 100644 --- a/src/server.c +++ b/src/server.c @@ -4563,7 +4563,8 @@ static int cli_parse_add_server(char **args, char *payload, struct appctx *appct goto out; } - if (srv->use_ssl == 1 || (srv->proxy->options & PR_O_TCPCHK_SSL)) { + if (srv->use_ssl == 1 || (srv->proxy->options & PR_O_TCPCHK_SSL) || + srv->check.use_ssl == 1) { if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv) { if (xprt_get(XPRT_SSL)->prepare_srv(srv)) goto out;