Hi!
On Fri, Apr 12, 2024 at 02:29:30PM +0100, William Manley wrote:
> An attach-srv config line usually looks like this:
>
> tcp-request session attach-srv be/srv name ssl_c_s_dn(CN)
>
> The name is a key that is used when looking up connections in the
> connection pool. Without this patch you'd get an error if you passed
> anything other than "ssl_c_s_dn(CN)" as the name expression. Now you can
> pass arbitrary expressions and it will just warn you if you aren't
> producing a configuration that is RFC compliant.
>
> I'm doing this as I want to use `fc_pp_unique_id` as the name.
> ---
> src/tcp_act.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/src/tcp_act.c b/src/tcp_act.c
> index a88fab4af..4d2a56c67 100644
> --- a/src/tcp_act.c
> +++ b/src/tcp_act.c
> @@ -522,8 +522,7 @@ static int tcp_check_attach_srv(struct act_rule *rule,
> struct proxy *px, char **
>
> if ((rule->arg.attach_srv.name && (!srv->use_ssl || !srv->sni_expr)) ||
> (!rule->arg.attach_srv.name && srv->use_ssl && srv->sni_expr)) {
> - memprintf(err, "attach-srv rule: connection will never be used;
> either specify name argument in conjunction with defined SSL SNI on targeted
> server or none of these");
> - return 0;
> + ha_warning("attach-srv rule: connection may never be used;
> usually name argument is defined SSL SNI on targeted server or none of
> these");
Well, I consider that any valid (and useful) configuration must be
writable without a warning. So if you have a valid use case with a
different expression, here you still have no way to express it without
the warning. In this case I'd suggest to use ha_diag_warning() instead,
it will only report this when starting with -dD (config diagnostic mode).
Willy
