MINOR: Add support for server "renegotiate" keywords

Author: oliwer

cmd/server_params_runtime/server_params_prepare_for_runtime.go

@@ -19,6 +19,7 @@ var ServerParamsPrepareForRuntimeMap = map[string]string{ //nolint:gochecknoglob
 	"CheckReusePool":   FuncDoNotSendDisabledFields,
 	"CheckViaSocks4":   FuncDoNotSendDisabledFields,
 	"ForceSslv3":       FuncDoNotSendDisabledFields,
+	"Renegotiate":      FuncDoNotSendEnabledFields, // This won't be true with AWS-LC.
 	"Sslv3":            FuncDoNotSendDisabledFields,
 	"ForceTlsv10":      FuncDoNotSendDisabledFields,
 	"Tlsv10":           FuncDoNotSendDisabledFields,

config-parser/params/server-options.go

@@ -185,6 +185,8 @@ var serverOptionFactoryMethods = map[string]func() ServerOption{ //nolint:gochec
 	"no-tlsv12":               func() ServerOption { return &ServerOptionWord{Name: "no-tlsv12"} },
 	"force-tlsv13":            func() ServerOption { return &ServerOptionWord{Name: "force-tlsv13"} },
 	"no-tlsv13":               func() ServerOption { return &ServerOptionWord{Name: "no-tlsv13"} },
+	"renegotiate":             func() ServerOption { return &ServerOptionWord{Name: "renegotiate"} },
+	"no-renegotiate":          func() ServerOption { return &ServerOptionWord{Name: "no-renegotiate"} },
 	"send-proxy":              func() ServerOption { return &ServerOptionWord{Name: "send-proxy"} },
 	"no-send-proxy":           func() ServerOption { return &ServerOptionWord{Name: "no-send-proxy"} },
 	"send-proxy-v2":           func() ServerOption { return &ServerOptionWord{Name: "send-proxy-v2"} },

configuration/server.go

@@ -324,6 +324,10 @@ func parseServerParams(serverOptions []params.ServerOption, serverParams *models
 			case "no-tlsv13":
 				serverParams.Tlsv13 = "disabled"
 				serverParams.ForceTlsv13 = "disabled"
+			case "renegotiate":
+				serverParams.Renegotiate = "enabled"
+			case "no-renegotiate":
+				serverParams.Renegotiate = "disabled"
 			case "send-proxy":
 				serverParams.SendProxy = "enabled"
 			case "no-send-proxy":
@@ -630,6 +634,11 @@ func SerializeServerParams(s models.ServerParams, opt *options.ConfigurationOpti
 	if s.CheckViaSocks4 == "enabled" {
 		options = append(options, &params.ServerOptionWord{Name: "check-via-socks4"})
 	}
+	if s.Renegotiate == "enabled" {
+		options = append(options, &params.ServerOptionWord{Name: "renegotiate"})
+	} else if s.Renegotiate == "disabled" {
+		options = append(options, &params.ServerOptionWord{Name: "no-renegotiate"})
+	}
 	if s.Sslv3 == "enabled" {
 		options = append(options, &params.ServerOptionWord{Name: "force-sslv3"})
 	}

models/server_params.go

@@ -947,6 +947,12 @@ definitions:
       redir:
         type: string
         x-display-name: Prefix
+      renegotiate:
+        description: Toggles the secure renegotiation mechanism for an SSL backend.
+        enum:
+          - enabled
+          - disabled
+        type: string
       resolve-net:
         pattern: ^([A-Za-z0-9.:/]+)(,[A-Za-z0-9.:/]+)*$
         type: string

models/server_params_compare.go

@@ -121,6 +121,10 @@ server_params:
       type: integer
       x-display-name: Nr. of consecutive failed checks
       x-nullable: true
+    renegotiate:
+      type: string
+      enum: [enabled, disabled]
+      description: Toggles the secure renegotiation mechanism for an SSL backend.
     sslv3:
       type: string
       enum: [enabled, disabled]

models/server_params_compare_test.go

@@ -808,8 +808,8 @@ backend test # my comment
   external-check command /bin/false
   use-server webserv if TRUE # my comment
   use-server webserv2 unless TRUE
-  server webserv 192.168.1.1:9200 maxconn 1000 ssl weight 10 inter 2s cookie BLAH slowstart 6000 proxy-v2-options authority,crc32c ws h1 pool-low-conn 128 id 1234 pool-purge-delay 10s tcp-ut 2s curves secp384r1 client-sigalgs ECDSA+SHA256:RSA+SHA256 sigalgs ECDSA+SHA256 log-bufsize 10 set-proxy-v2-tlv-fmt(0x20) %[fc_pp_tlv(0x20)] init-state fully-up idle-ping 10s check-reuse-pool strict-maxconn # my comment
-  server webserv2 192.168.1.1:9300 maxconn 1000 ssl weight 10 inter 2s cookie BLAH slowstart 6000 proxy-v2-options authority,crc32c ws h1 pool-low-conn 128 hash-key akey pool-conn-name apoolconnname no-check-reuse-pool check-pool-conn-name foo # {"comment": "my structured comment", "id": "my_random_id_for_server"}
+  server webserv 192.168.1.1:9200 maxconn 1000 ssl weight 10 inter 2s cookie BLAH slowstart 6000 proxy-v2-options authority,crc32c ws h1 pool-low-conn 128 id 1234 pool-purge-delay 10s tcp-ut 2s curves secp384r1 client-sigalgs ECDSA+SHA256:RSA+SHA256 sigalgs ECDSA+SHA256 no-renegotiate log-bufsize 10 set-proxy-v2-tlv-fmt(0x20) %[fc_pp_tlv(0x20)] init-state fully-up idle-ping 10s check-reuse-pool strict-maxconn # my comment
+  server webserv2 192.168.1.1:9300 maxconn 1000 ssl weight 10 inter 2s cookie BLAH slowstart 6000 proxy-v2-options authority,crc32c ws h1 pool-low-conn 128 hash-key akey pool-conn-name apoolconnname no-check-reuse-pool check-pool-conn-name foo renegotiate # {"comment": "my structured comment", "id": "my_random_id_for_server"}
   http-request set-dst hdr(x-dst) # my comment
   http-request set-dst-port int(4000)
   http-request set-uri %[url,regsub(^/metrics/,/,)] if { path_beg /metrics }