From 75522fdf8ba8db3c63ed0e444204a4925acbad9a Mon Sep 17 00:00:00 2001
From: Dirk Silkenbaeumer <dirk@silkenbaeumer.de>
Date: Tue, 20 Dec 2022 20:36:28 +0100
Subject: [PATCH] SSL healthcheck

---
 .../opnsense/service/templates/OPNsense/HAProxy/haproxy.conf    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index e0fb1fd7a..9f4ab012f 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -1825,7 +1825,7 @@ backend {{backend.name}}
 {#               # 2. in health checks: to verify *only* health check communication to this server #}
 {#               # When 1. is enabled, health checks are automatically secured. #}
 {#               # Use-case for 2: when using TCP for server communication, but HTTPS for health checks. #}
-{%               if server_data.ssl|default("") == '1' or (healthcheck_enabled == '1' and healthcheck_data.force_ssl|default('') == '1') %}
+{%               if server_data.ssl|default("") == '1' or (healthcheck_enabled == '1' and (healthcheck_data.ssl|default('') == 'ssl' or healthcheck_data.ssl|default('') == 'sslsni')) %}
 {#                 # get status of ssl verification #}
 {%                 set ssl_verify_enabled = '0' %}
 {%                 if helpers.exists('OPNsense.HAProxy.general.tuning.sslServerVerify') and OPNsense.HAProxy.general.tuning.sslServerVerify|default("") != 'ignore' %}