mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-07 07:37:02 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: ssl: Enable error fetches in case of handshake error

Browse Source 
The ssl_c_err, ssl_c_ca_err and ssl_c_ca_err_depth sample fetches values
were not recoverable when the connection failed because of the test
"conn->flags & CO_FL_WAIT_XPRT" (which required the connection to be
established). They could then not be used in a log-format since whenever
they would have sent a non-null value, the value fetching was disabled.
This patch ensures that all these values can be fetched in case of
connection failure.
This commit is contained in:
Remi Tricot-Le Breton 2021-07-29 09:45:50 +02:00 committed by William Lallemand
parent 3d2093af9b
commit 89b65cfd52
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/ssl_sample.c
View File

@ -1342,11 +1342,14 @@ smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *k
return 0; return 0;
ctx = conn->xprt_ctx; ctx = conn->xprt_ctx;
if (conn->flags & CO_FL_WAIT_XPRT) { if (conn->flags & CO_FL_WAIT_XPRT && !conn->err_code) {
smp->flags = SMP_F_MAY_CHANGE; smp->flags = SMP_F_MAY_CHANGE;
return 0; return 0;
} }
if (!ctx)
return 0;
smp->data.type = SMP_T_SINT; smp->data.type = SMP_T_SINT;
smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st); smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
smp->flags = SMP_F_VOL_SESS; smp->flags = SMP_F_VOL_SESS;
@ -1365,12 +1368,15 @@ smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const c
if (!conn || conn->xprt != &ssl_sock) if (!conn || conn->xprt != &ssl_sock)
return 0; return 0;
if (conn->flags & CO_FL_WAIT_XPRT) { if (conn->flags & CO_FL_WAIT_XPRT && !conn->err_code) {
smp->flags = SMP_F_MAY_CHANGE; smp->flags = SMP_F_MAY_CHANGE;
return 0; return 0;
} }
ctx = conn->xprt_ctx; ctx = conn->xprt_ctx;
if (!ctx)
return 0;
smp->data.type = SMP_T_SINT; smp->data.type = SMP_T_SINT;
smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st); smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
smp->flags = SMP_F_VOL_SESS; smp->flags = SMP_F_VOL_SESS;
@ -1389,13 +1395,16 @@ smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw,
if (!conn || conn->xprt != &ssl_sock) if (!conn || conn->xprt != &ssl_sock)
return 0; return 0;
if (conn->flags & CO_FL_WAIT_XPRT) { if (conn->flags & CO_FL_WAIT_XPRT && !conn->err_code) {
smp->flags = SMP_F_MAY_CHANGE; smp->flags = SMP_F_MAY_CHANGE;
return 0; return 0;
} }
ctx = conn->xprt_ctx; ctx = conn->xprt_ctx;
if (!ctx)
return 0;
smp->data.type = SMP_T_SINT; smp->data.type = SMP_T_SINT;
smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st); smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
smp->flags = SMP_F_VOL_SESS; smp->flags = SMP_F_VOL_SESS;