OPTIM: tcpcheck: Don't set SNI and ALPN for non-ssl connections

There is no reason to set the SNI and ALPN for non-ssl connections. It is not really an issue because ssl_sock_set_servername() and ssl_sock_set_alpn() functions will do nothing. But it is cleaner this way and this could avoid bugs in future. No backport needed, because there is no bug.
2026-04-15 21:59:41 -04:00 · 2025-09-03 16:48:11 +02:00 · 2025-09-03 16:48:11 +02:00 · eb3d4eb59f
commit eb3d4eb59f
parent ef07d3511a
1 changed files with 10 additions and 8 deletions
--- a/src/tcpcheck.c
+++ b/src/tcpcheck.c
@ -1426,15 +1426,17 @@ enum tcpcheck_eval_ret tcpcheck_eval_connect(struct check *check, struct tcpchec
 	conn->ctx = check->sc;

 #ifdef USE_OPENSSL
-	if (connect->sni)
-		ssl_sock_set_servername(conn, connect->sni);
-	else if ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && s && s->check.sni)
-		ssl_sock_set_servername(conn, s->check.sni);
+	if (conn_is_ssl(conn)) {
+		if (connect->sni)
+			ssl_sock_set_servername(conn, connect->sni);
+		else if ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && s && s->check.sni)
+			ssl_sock_set_servername(conn, s->check.sni);

-	if (connect->alpn)
-		ssl_sock_set_alpn(conn, (unsigned char *)connect->alpn, connect->alpn_len);
-	else if ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && s && s->check.alpn_str)
-		ssl_sock_set_alpn(conn, (unsigned char *)s->check.alpn_str, s->check.alpn_len);
+		if (connect->alpn)
+			ssl_sock_set_alpn(conn, (unsigned char *)connect->alpn, connect->alpn_len);
+		else if ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && s && s->check.alpn_str)
+			ssl_sock_set_alpn(conn, (unsigned char *)s->check.alpn_str, s->check.alpn_len);
+	}
 #endif

 	if (conn_ctrl_ready(conn) && (connect->options & TCPCHK_OPT_LINGER) && !(conn->flags & CO_FL_FDLESS)) {