commit c7c8ef448bc8832998606ec217907c7dc66fec6c
from: Omar Polo
date: Sat Jan 01 19:04:50 2022 UTC
add `protocols' option to `proxy' rule
commit - 5128c0b0e3b51737783c4c68c9e34a76ec8c8b0e
commit + c7c8ef448bc8832998606ec217907c7dc66fec6c
blob - 5f6b000d448e4bd597c4e0704733418c6c1a3e4a
blob + d02811520afc65b1f7e15aecd289f6608fd2daed
--- gmid.h
+++ gmid.h
@@ -100,6 +100,7 @@ extern struct fcgi fcgi[FCGI_MAX];
 struct proxy {
 char *host;
 const char *port;
+ uint32_t protocols;
 int noverifyname;
 uint8_t *cert;
 size_t certlen;
blob - d21500672c4d2f4947b4c517dce81d052c0e3820
blob + 6359227df8680bb34dbb84cb46eab049ebf2b502
--- parse.y
+++ parse.y
@@ -308,6 +308,12 @@ proxy_opt : CERT string {
 p->key = tls_load_file($2, &p->keylen, NULL);
 if (p->key == NULL)
 yyerror("can't load key %s", $2);
+ }
+ | PROTOCOLS string {
+ struct proxy *p = &host->proxy;
+
+ if (tls_config_parse_protocols(&p->protocols, $2) == -1)
+ yyerror("invalid protocols string \"%s\"", $2);
 }
 | RELAY_TO string {
 char *at;
@@ -961,7 +967,11 @@ symget(const char *nam)
 struct vhost *
 new_vhost(void)
 {
- return xcalloc(1, sizeof(struct vhost));
+ struct vhost *v;
+
+ v = xcalloc(1, sizeof(*v));
+ v->proxy.protocols = TLS_PROTOCOLS_DEFAULT;
+ return v;
 }
 struct location *
blob - 87791deac3d9c75cb89b0928b32b794dba64725e
blob + 7face977e4f7d69f0ea49079d7f6c56fe28fa017
--- proxy.c
+++ proxy.c
@@ -295,8 +295,8 @@ proxy_init(struct client *c)
 if (p->noverifyname)
 tls_config_insecure_noverifyname(conf);
- /* TODO: tls_config_set_protocols here */
 tls_config_insecure_noverifycert(conf);
+ tls_config_set_protocols(conf, p->protocols);
 if (p->cert != NULL) {
 int r;
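Review bot: No lower bound is applied to the mask parsed in the new `PROTOCOLS string` branch of parse.y: whatever `tls_config_parse_protocols` accepts is stored, so a configuration can enable TLS 1.0 or 1.1 towards the upstream if the linked libtls still supports them. If the proxy is never meant to go below TLS 1.2, reject such a mask right after parsing, e.g. `if (p->protocols & (TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1)) yyerror("protocols below TLS 1.2 are not allowed");`, or at least document the accepted keywords next to the option. The branch also does not show `$2` being released; if the lexer allocates the string, it presumably needs a `free($2);` here, which should be confirmed against the neighbouring rules since they are only partly visible in this hunk.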
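Review bot: The new `tls_config_set_protocols(conf, p->protocols);` call in the proxy.c hunk discards its return value, although the libtls config setters report failure with -1; on failure `conf` would silently keep its previous protocol set. Check it, `if (tls_config_set_protocols(conf, p->protocols) == -1)`, and take the same failure path that the certificate setup below (the `int r;` block) presumably uses. The context line `tls_config_insecure_noverifycert(conf);` stays unconditional, so narrowing the protocol set does not by itself authenticate the upstream; a one-line comment saying how the upstream is trusted would help the next reader. proxy_init starts and ends outside the hunk.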