mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-02-04 00:41:41 +01:00
Code Issues Projects Releases Wiki Activity

MINOR: ssl: Add a "flags" field to ssl_sock_ctx.

Browse Source 
Instead of adding more separate fields in ssl_sock_ctx, add a "flags"
one.
Convert the "can_send_early_data" to the flag SSL_SOCK_F_EARLY_ENABLED.
More flags will be added for kTLS support.
This commit is contained in:
Olivier Houchard 2025-08-20 13:30:48 +00:00 committed by Olivier Houchard
parent 3d685fcb7d
commit 2623b7822e
2 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
include/haproxy/ssl_sock-t.h
View File

@ -246,6 +246,11 @@ struct ssl_keylog {
};
#endif
/*
* ssl_sock_ctx flags
*/
#define SSL_SOCK_F_EARLY_ENABLED (1 << 0) /* We did not start the handshake yet so we can send early data */
struct ssl_sock_ctx {
struct connection *conn;
SSL *ssl;
@ -258,7 +263,7 @@ struct ssl_sock_ctx {
unsigned long error_code; /* last error code of the error stack */
struct buffer early_buf; /* buffer to store the early data received */
int sent_early_data; /* Amount of early data we sent so far */
int can_send_early_data; /* We did not start the handshake yet so we can send early data */
int flags; /* Various flags for the ssl_sock_ctx */
#ifdef USE_QUIC
struct quic_conn *qc;

10
src/ssl_sock.c
View File

@ -5104,7 +5104,7 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
ctx->xprt_st = 0;
ctx->xprt_ctx = NULL;
ctx->error_code = 0;
ctx->can_send_early_data = 1;
ctx->flags = SSL_SOCK_F_EARLY_ENABLED;
next_sslconn = increment_sslconn();
if (!next_sslconn) {
@ -5459,7 +5459,7 @@ static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
/* read some data: consider handshake completed */
goto reneg_ok;
}
ctx->can_send_early_data = 0;
ctx->flags &=~ SSL_SOCK_F_EARLY_ENABLED;
ret = SSL_do_handshake(ctx->ssl);
check_error:
if (ret != 1) {
@ -5933,10 +5933,10 @@ static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct bu
#endif
/*
* We have to check can_send_early_data here, as the handshake flags
* We have to check SSL_SOCK_F_EARLY_ENABLED here, as the handshake flags
* may have been removed in case we want to try to send early data.
*/
if (ctx->can_send_early_data ||
if ((ctx->flags & SSL_SOCK_F_EARLY_ENABLED) ||
(conn->flags & (CO_FL_WAIT_XPRT | CO_FL_SSL_WAIT_HS))) {
/* a handshake was requested */
TRACE_LEAVE(SSL_EV_CONN_RECV, conn);
@ -6112,7 +6112,7 @@ static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const s
ctx->xprt_st &= ~SSL_SOCK_SEND_MORE;
#ifdef SSL_READ_EARLY_DATA_SUCCESS
if (ctx->can_send_early_data && conn_is_back(conn)) {
if ((ctx->flags & SSL_SOCK_F_EARLY_ENABLED) && conn_is_back(conn)) {
unsigned int max_early;
if (objt_listener(conn->target))