mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-11-29 06:40:59 +01:00
MINOR: ssl: disable SSL sample fetches when unsupported
Previously these fetches would return empty results when HAProxy was compiled without the requisite SSL support. This results in confusion and problem reports from people who unexpectedly encounter the behavior.
This commit is contained in:
Patrick Hemmer
Willy Tarreau
parent
46deab6e64
commit
419667746b
@ -6868,10 +6868,10 @@ smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char
|
|||||||
* This function is also usable on backend conn if the fetch keyword 5th
|
* This function is also usable on backend conn if the fetch keyword 5th
|
||||||
* char is 'b'.
|
* char is 'b'.
|
||||||
*/
|
*/
|
||||||
|
#if OPENSSL_VERSION_NUMBER > 0x0090800fL
|
||||||
static int
|
static int
|
||||||
smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
|
smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
|
||||||
{
|
{
|
||||||
#if OPENSSL_VERSION_NUMBER > 0x0090800fL
|
|
||||||
struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
|
struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
|
||||||
smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
|
smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
|
||||||
SSL_SESSION *ssl_sess;
|
SSL_SESSION *ssl_sess;
|
||||||
@ -6891,15 +6891,14 @@ smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const ch
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
#else
|
|
||||||
return 0;
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||||
static int
|
static int
|
||||||
smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
|
smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
|
||||||
{
|
{
|
||||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
|
||||||
struct connection *conn;
|
struct connection *conn;
|
||||||
|
|
||||||
smp->flags = SMP_F_CONST;
|
smp->flags = SMP_F_CONST;
|
||||||
@ -6915,10 +6914,8 @@ smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw,
|
|||||||
|
|
||||||
smp->data.u.str.len = strlen(smp->data.u.str.str);
|
smp->data.u.str.len = strlen(smp->data.u.str.str);
|
||||||
return 1;
|
return 1;
|
||||||
#else
|
|
||||||
return 0;
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static int
|
static int
|
||||||
smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
|
smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
|
||||||
@ -7011,10 +7008,10 @@ smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER > 0x0090800fL
|
||||||
static int
|
static int
|
||||||
smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
|
smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
|
||||||
{
|
{
|
||||||
#if OPENSSL_VERSION_NUMBER > 0x0090800fL
|
|
||||||
struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
|
struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
|
||||||
smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
|
smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
|
||||||
int finished_len;
|
int finished_len;
|
||||||
@ -7043,10 +7040,8 @@ smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const cha
|
|||||||
smp->data.type = SMP_T_BIN;
|
smp->data.type = SMP_T_BIN;
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
#else
|
|
||||||
return 0;
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/* integer, returns the first verify error in CA chain of client certificate chain. */
|
/* integer, returns the first verify error in CA chain of client certificate chain. */
|
||||||
static int
|
static int
|
||||||
@ -8642,7 +8637,9 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
|
|||||||
{ "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
|
{ "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
|
||||||
{ "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
|
{ "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
|
||||||
{ "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
|
{ "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
|
||||||
|
#if OPENSSL_VERSION_NUMBER > 0x0090800fL
|
||||||
{ "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
|
{ "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
|
||||||
|
#endif
|
||||||
{ "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
|
{ "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
|
||||||
{ "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
|
{ "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
|
||||||
{ "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
|
{ "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
|
||||||
@ -8682,10 +8679,16 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
|
|||||||
{ "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
|
{ "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
|
||||||
#endif
|
#endif
|
||||||
{ "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
|
{ "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
|
||||||
|
#if OPENSSL_VERSION_NUMBER > 0x0090800fL
|
||||||
{ "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
|
{ "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
|
||||||
|
#endif
|
||||||
{ "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
|
{ "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
|
||||||
|
#if OPENSSL_VERSION_NUMBER > 0x0090800fL
|
||||||
{ "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
|
{ "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
|
||||||
|
#endif
|
||||||
|
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||||
{ "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
|
{ "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
|
||||||
|
#endif
|
||||||
{ "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
|
{ "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
|
||||||
{ "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
|
{ "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
|
||||||
{ "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
|
{ "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user