
capturing samples / evaluating conditionals (no replies)

Hi,

I'm trying to set up a parallel RSA/ECC setup as described here:
http://blog.haproxy.com/2015/07/15/serving-ecc-and-rsa-certificates-on-same-ip-with-haproxy/
but in my case the sample was never captured and thus the ECC backend has never been used until I added something else that depends on a sample, like:

acl foo req_ssl_ver lt 3
tcp-request content reject if foo

So I thought instead of adding something that triggers the sample capture I could use something like this:

....
tcp-request inspect-delay 4s
acl HAS_ECC req.ssl_ec_ext eq 1
tcp-request content reject if !HAS_ECC
use_backend ssl-ecc if HAS_ECC
....

That works so far but for some reason the smp_fetch_req_ssl_ec_ext() is called twice. On the first call the sample buffer is empty again but on the second it's filled with the actual capture and it seems to work.

So my question(s) now:
1. Is/was it really intentional to not evaluate if there's just something like
"use_backend somebackend if { ... }"

2. Why is the function called twice? That's only when using the ACL variant.
Using the workaround with req_ssl_ver above just calls it once.


--
Regards,
Christian Ruppert
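
An added illustration, not part of the original post and not HAProxy's code: req.ssl_ec_ext tests whether the ClientHello carries the elliptic-curves extension (type 10, RFC 4492), and a check like that over a receive buffer has three outcomes: undecidable while the record is incomplete, then true or false. The names hello_has_ec_ext and build_hello and the sample hellos are constructed for this sketch, which assumes the ClientHello fits in a single TLS record.

```python
import struct

EXT_EC = 10  # supported elliptic curves extension type (RFC 4492)

class NeedMoreData(Exception):
    """Raised when a read would run past the end of the buffer."""

def _take(buf, off, n):
    if off + n > len(buf):
        raise NeedMoreData
    return buf[off:off + n], off + n

def hello_has_ec_ext(buf):
    """True/False once decidable, None while the TLS record is incomplete."""
    try:
        hdr, off = _take(buf, 0, 5)            # type, version, length
        if hdr[0] != 0x16:                     # not a handshake record
            return False
        rec, _ = _take(buf, off, int.from_bytes(hdr[3:5], "big"))
    except NeedMoreData:
        return None                            # caller must wait for more bytes
    try:
        hs, off = _take(rec, 0, 4)             # handshake type + 24-bit length
        if hs[0] != 0x01:                      # not a ClientHello
            return False
        _, off = _take(rec, off, 2 + 32)       # client_version + random
        for width in (1, 2, 1):                # session_id, cipher_suites, compression
            ln, off = _take(rec, off, width)
            _, off = _take(rec, off, int.from_bytes(ln, "big"))
        ln, off = _take(rec, off, 2)           # total extensions length
        end = off + int.from_bytes(ln, "big")
        while off < end:
            h, off = _take(rec, off, 4)
            etype, elen = struct.unpack("!HH", h)
            if etype == EXT_EC:
                return True
            _, off = _take(rec, off, elen)
        return False
    except NeedMoreData:
        return False                           # complete record, no/malformed extensions

def build_hello(extensions):
    """Constructed minimal ClientHello record used as sample input."""
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2b" + b"\x01\x00"
            + len(extensions).to_bytes(2, "big") + extensions)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

ECC_HELLO = build_hello(b"\x00\x0a\x00\x04\x00\x02\x00\x17")  # secp256r1 offered
RSA_HELLO = build_hello(b"\x00\x23\x00\x00")                  # session_ticket only
```
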
