diff --git a/src/ssl_sock.c b/src/ssl_sock.c index e48bbec58..fb12ca87e 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -260,6 +260,7 @@ struct ssl_capture { }; struct pool_head *pool_head_ssl_capture = NULL; static int ssl_capture_ptr_index = -1; +static int ssl_app_data_index = -1; static int ssl_pkey_info_index = -1; @@ -824,7 +825,7 @@ static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned int i; int ret = -1; /* error by default */ - conn = SSL_get_app_data(s); + conn = SSL_get_ex_data(s, ssl_app_data_index); ref = objt_listener(conn->target)->bind_conf->keys_ref; HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock); @@ -1388,7 +1389,7 @@ out: void ssl_sock_infocbk(const SSL *ssl, int where, int ret) { - struct connection *conn = SSL_get_app_data(ssl); + struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index); BIO *write_bio; (void)ret; /* shut gcc stupid warning */ @@ -1426,7 +1427,7 @@ int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store) int err, depth; ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx()); - conn = SSL_get_app_data(ssl); + conn = SSL_get_ex_data(ssl, ssl_app_data_index); conn->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE; @@ -1574,7 +1575,7 @@ void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf /* test heartbeat received (write_p is set to 0 for a received record) */ if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) { - struct connection *conn = SSL_get_app_data(ssl); + struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index); const unsigned char *p = buf; unsigned int payload; @@ -1902,7 +1903,7 @@ static int ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl) { unsigned int key; - struct connection *conn = SSL_get_app_data(ssl); + struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index); conn_get_to_addr(conn); if (conn->flags & CO_FL_ADDR_TO_SET) { @@ -2106,7 +2107,7 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg) int allow_early = 0; int i; - conn = SSL_get_app_data(ssl); + conn = SSL_get_ex_data(ssl, ssl_app_data_index); s = objt_listener(conn->target)->bind_conf; if (s->ssl_conf.early_data) @@ -3890,7 +3891,7 @@ static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_ /* SSL callback used when a new session is created while connecting to a server */ static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess) { - struct connection *conn = SSL_get_app_data(ssl); + struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index); struct server *s; s = objt_server(conn->target); @@ -4387,7 +4388,7 @@ static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx) return ok; ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); - conn = SSL_get_app_data(ssl); + conn = SSL_get_ex_data(ssl, ssl_app_data_index); /* We're checking if the provided hostnames match the desired one. The * desired hostname comes from the SNI we presented if any, or if not @@ -4962,7 +4963,7 @@ static int ssl_sock_init(struct connection *conn) } /* set connection pointer */ - if (!SSL_set_app_data(conn->xprt_ctx, conn)) { + if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) { SSL_free(conn->xprt_ctx); conn->xprt_ctx = NULL; if (may_retry--) { @@ -5021,7 +5022,7 @@ static int ssl_sock_init(struct connection *conn) } /* set connection pointer */ - if (!SSL_set_app_data(conn->xprt_ctx, conn)) { + if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) { SSL_free(conn->xprt_ctx); conn->xprt_ctx = NULL; if (may_retry--) { @@ -8964,6 +8965,7 @@ static void __ssl_sock_init(void) #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER) sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func); #endif + ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func); ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL); sample_register_fetches(&sample_fetch_keywords);