diff --git a/include/types/connection.h b/include/types/connection.h
index 22e4ed6e0..0e98b64a2 100644
--- a/include/types/connection.h
+++ b/include/types/connection.h
@@ -182,18 +182,18 @@ enum {
 CO_FL_WAIT_L6_CONN = 0x00800000, /* waiting for L6 to be connected (eg: SSL) */
 CO_FL_WAIT_L4L6 = 0x00C00000, /* waiting for L4 and/or L6 to be connected */
- /*** All the flags below are used for connection handshakes. Any new
+ /* All the flags below are used for connection handshakes. Any new
 * handshake should be added after this point, and CO_FL_HANDSHAKE
 * should be updated.
 */
 CO_FL_SEND_PROXY = 0x01000000, /* send a valid PROXY protocol header */
- CO_FL_SSL_WAIT_HS = 0x02000000, /* wait for an SSL handshake to complete */
- CO_FL_ACCEPT_PROXY = 0x04000000, /* receive a valid PROXY protocol header */
- CO_FL_ACCEPT_CIP = 0x08000000, /* receive a valid NetScaler Client IP header */
+ CO_FL_ACCEPT_PROXY = 0x02000000, /* receive a valid PROXY protocol header */
+ CO_FL_ACCEPT_CIP = 0x04000000, /* receive a valid NetScaler Client IP header */
 /* below we have all handshake flags grouped into one */
- CO_FL_HANDSHAKE = CO_FL_SEND_PROXY | CO_FL_SSL_WAIT_HS | CO_FL_ACCEPT_PROXY | CO_FL_ACCEPT_CIP | CO_FL_SOCKS4_SEND | CO_FL_SOCKS4_RECV,
- CO_FL_HANDSHAKE_NOSSL = CO_FL_SEND_PROXY | CO_FL_ACCEPT_PROXY | CO_FL_ACCEPT_CIP | CO_FL_SOCKS4_SEND | CO_FL_SOCKS4_RECV,
+ CO_FL_HANDSHAKE = CO_FL_SEND_PROXY | CO_FL_ACCEPT_PROXY | CO_FL_ACCEPT_CIP | CO_FL_SOCKS4_SEND | CO_FL_SOCKS4_RECV,
+
+ CO_FL_SSL_WAIT_HS = 0x08000000, /* wait for an SSL handshake to complete */
 /* This connection may not be shared between clients */
 CO_FL_PRIVATE = 0x10000000,
diff --git a/src/backend.c b/src/backend.c
index 809fdd0a4..97a62eb46 100644
--- a/src/backend.c
+++ b/src/backend.c
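Review bot: CO_FL_SSL_WAIT_HS is moved out of CO_FL_HANDSHAKE, but the retained comment above CO_FL_SEND_PROXY still says every handshake flag belongs in this group and in CO_FL_HANDSHAKE, and nothing marks the SSL flag as a deliberate exception. After this hunk a test of CO_FL_HANDSHAKE alone no longer sees a pending TLS handshake, so any user of the mask not touched by this diff should be checked for whether it needs `| CO_FL_SSL_WAIT_HS`, as the three ssl_sock.c sites do; a missed one would presumably treat the connection as ready while TLS is still negotiating. I would add above the moved flag `/* SSL handshake: deliberately NOT part of CO_FL_HANDSHAKE, must be tested explicitly */`. CO_FL_ACCEPT_PROXY and CO_FL_ACCEPT_CIP also change value here, which matters to anything that decodes raw flag words; the enum itself starts and ends outside the hunk.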
@@ -1471,7 +1471,7 @@ int connect_server(struct stream *s)
 /* The CO_FL_SEND_PROXY flag may have been set by the connect method,
 * if so, add our handshake pseudo-XPRT now.
 */
- if ((srv_conn->flags & CO_FL_HANDSHAKE_NOSSL)) {
+ if ((srv_conn->flags & CO_FL_HANDSHAKE)) {
 if (xprt_add_hs(srv_conn) < 0) {
 conn_full_close(srv_conn);
 return SF_ERR_INTERNAL;
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index d61e87200..dafd258e8 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6517,7 +6517,7 @@ static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct bu
 }
 #endif
- if (conn->flags & CO_FL_HANDSHAKE)
+ if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_SSL_WAIT_HS))
 /* a handshake was requested */
 return 0;
@@ -6628,7 +6628,7 @@ static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const s
 if (!ctx)
 goto out_error;
- if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
+ if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_SSL_WAIT_HS | CO_FL_EARLY_SSL_HS))
 /* a handshake was requested */
 return 0;
@@ -6830,7 +6830,7 @@ static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
 {
 struct ssl_sock_ctx *ctx = xprt_ctx;
- if (conn->flags & CO_FL_HANDSHAKE)
+ if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_SSL_WAIT_HS))
 return;
 if (!clean)
 /* don't sent notify on SSL_shutdown */
diff --git a/src/tcp_rules.c b/src/tcp_rules.c
index aa713c59e..f56129ae1 100644
--- a/src/tcp_rules.c
+++ b/src/tcp_rules.c
@@ -468,7 +468,7 @@ int tcp_exec_l4_rules(struct session *sess)
 goto end;
 }
 else if (rule->action == ACT_TCP_EXPECT_PX) {
- if (!(conn->flags & (CO_FL_HANDSHAKE_NOSSL))) {
+ if (!(conn->flags & CO_FL_HANDSHAKE)) {
 if (xprt_add_hs(conn) < 0) {
 result = 0;
 goto end;
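Review bot: The combined mask `CO_FL_HANDSHAKE | CO_FL_SSL_WAIT_HS` is written out by hand in ssl_sock_to_buf, ssl_sock_from_buf and ssl_sock_shutw, and the `/* a handshake was requested */` comment kept under the first two does not say which handshakes now gate the early `return 0`. Since CO_FL_HANDSHAKE no longer implies the SSL handshake, the comment should name both, e.g. `/* a PROXY/CIP/SOCKS4 or SSL handshake is still pending, no data may pass yet */`, and the bare `return;` in ssl_sock_shutw deserves the same one-line explanation. All three function bodies continue outside their hunks.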
@@ -477,7 +477,7 @@ int tcp_exec_l4_rules(struct session *sess)
 conn->flags |= CO_FL_ACCEPT_PROXY;
 }
 else if (rule->action == ACT_TCP_EXPECT_CIP) {
- if (!(conn->flags & (CO_FL_HANDSHAKE_NOSSL))) {
+ if (!(conn->flags & CO_FL_HANDSHAKE)) {
 if (xprt_add_hs(conn) < 0) {
 result = 0;
 goto end;
diff --git a/src/xprt_handshake.c b/src/xprt_handshake.c
index 8cd63a12f..89446af37 100644
--- a/src/xprt_handshake.c
+++ b/src/xprt_handshake.c
@@ -82,7 +82,7 @@ out:
 * connection error
 * */
 if ((conn->flags & CO_FL_ERROR) ||
- !(conn->flags & CO_FL_HANDSHAKE_NOSSL)) {
+ !(conn->flags & CO_FL_HANDSHAKE)) {
 int ret = 0;
 int woke = 0;
 int was_conn_ctx = 0;
@@ -185,7 +185,7 @@ static void xprt_handshake_close(struct connection *conn, void *xprt_ctx)
 * to fallback to the original XPRT to re-initiate the
 * connection.
 */
- conn->flags &= ~CO_FL_HANDSHAKE_NOSSL;
+ conn->flags &= ~CO_FL_HANDSHAKE;
 if (conn->xprt == xprt_get(XPRT_HANDSHAKE))
 conn->xprt = xprt_get(XPRT_RAW);
 tasklet_free(ctx->wait_event.tasklet);