mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-07 15:47:01 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: ssl: Add ssllib_name_startswith precondition

Browse Source 
This new ssllib_name_startswith precondition check can be used to
distinguish application linked with OpenSSL from the ones linked with
other SSL libraries (LibreSSL or BoringSSL namely). This check takes a
string as input and returns 1 when the SSL library's name starts with
the given string. It is based on the OpenSSL_version function which
returns the same output as the "openssl version" command.
This commit is contained in:
Remi Tricot-Le Breton 2021-10-11 15:34:12 +02:00 committed by William Lallemand
parent 1ac65f8668
commit b01179aa92
4 changed files with 45 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
include/haproxy/cfgcond-t.h
View File

@ -43,15 +43,16 @@ enum nested_cond_state {
/* supported conditional predicates for .if/.elif */ /* supported conditional predicates for .if/.elif */
enum cond_predicate { enum cond_predicate {
CFG_PRED_NONE, // none CFG_PRED_NONE, // none
CFG_PRED_DEFINED, // "defined" CFG_PRED_DEFINED, // "defined"
CFG_PRED_FEATURE, // "feature" CFG_PRED_FEATURE, // "feature"
CFG_PRED_STREQ, // "streq" CFG_PRED_STREQ, // "streq"
CFG_PRED_STRNEQ, // "strneq" CFG_PRED_STRNEQ, // "strneq"
CFG_PRED_VERSION_ATLEAST, // "version_atleast" CFG_PRED_VERSION_ATLEAST, // "version_atleast"
CFG_PRED_VERSION_BEFORE, // "version_before" CFG_PRED_VERSION_BEFORE, // "version_before"
CFG_PRED_OSSL_VERSION_ATLEAST, // "openssl_version_atleast" CFG_PRED_OSSL_VERSION_ATLEAST, // "openssl_version_atleast"
CFG_PRED_OSSL_VERSION_BEFORE, // "openssl_version_before" CFG_PRED_OSSL_VERSION_BEFORE, // "openssl_version_before"
CFG_PRED_SSLLIB_NAME_STARTSWITH, // "ssllib_name_startswith"
}; };
/* types for condition terms */ /* types for condition terms */

2
include/haproxy/tools.h
View File

@ -1096,5 +1096,7 @@ static inline void update_char_fingerprint(uint8_t *fp, char prev, char curr)
/* compare the current OpenSSL version to a string */ /* compare the current OpenSSL version to a string */
int openssl_compare_current_version(const char *version); int openssl_compare_current_version(const char *version);
/* compare the current OpenSSL name to a string */
int openssl_compare_current_name(const char *name);
#endif /* _HAPROXY_TOOLS_H */ #endif /* _HAPROXY_TOOLS_H */

21
src/cfgcond.c
View File

@ -18,14 +18,15 @@
/* supported condition predicates */ /* supported condition predicates */
const struct cond_pred_kw cond_predicates[] = { const struct cond_pred_kw cond_predicates[] = {
{ "defined", CFG_PRED_DEFINED, ARG1(1, STR) }, { "defined", CFG_PRED_DEFINED, ARG1(1, STR) },
{ "feature", CFG_PRED_FEATURE, ARG1(1, STR) }, { "feature", CFG_PRED_FEATURE, ARG1(1, STR) },
{ "streq", CFG_PRED_STREQ, ARG2(2, STR, STR) }, { "streq", CFG_PRED_STREQ, ARG2(2, STR, STR) },
{ "strneq", CFG_PRED_STRNEQ, ARG2(2, STR, STR) }, { "strneq", CFG_PRED_STRNEQ, ARG2(2, STR, STR) },
{ "version_atleast", CFG_PRED_VERSION_ATLEAST, ARG1(1, STR) }, { "version_atleast", CFG_PRED_VERSION_ATLEAST, ARG1(1, STR) },
{ "version_before", CFG_PRED_VERSION_BEFORE, ARG1(1, STR) }, { "version_before", CFG_PRED_VERSION_BEFORE, ARG1(1, STR) },
{ "openssl_version_atleast", CFG_PRED_OSSL_VERSION_ATLEAST, ARG1(1, STR) }, { "openssl_version_atleast", CFG_PRED_OSSL_VERSION_ATLEAST, ARG1(1, STR) },
{ "openssl_version_before", CFG_PRED_OSSL_VERSION_BEFORE, ARG1(1, STR) }, { "openssl_version_before", CFG_PRED_OSSL_VERSION_BEFORE, ARG1(1, STR) },
{ "ssllib_name_startswith", CFG_PRED_SSLLIB_NAME_STARTSWITH, ARG1(1, STR) },
{ NULL, CFG_PRED_NONE, 0 } { NULL, CFG_PRED_NONE, 0 }
}; };
@ -250,6 +251,10 @@ int cfg_eval_cond_term(const struct cfg_cond_term *term, char **err)
ret = opensslret > 0; ret = opensslret > 0;
break; break;
} }
case CFG_PRED_SSLLIB_NAME_STARTSWITH: { // checks if the current SSL library's name starts with a specified string (can be used to distinguish OpenSSL from LibreSSL or BoringSSL)
ret = openssl_compare_current_name(term->args[0].data.str.area) == 0;
break;
}
default: default:
memprintf(err, "internal error: unhandled conditional expression predicate '%s'", term->pred->word); memprintf(err, "internal error: unhandled conditional expression predicate '%s'", term->pred->word);
break; break;

20
src/tools.c
View File

@ -5624,6 +5624,26 @@ int openssl_compare_current_version(const char *version)
#endif #endif
} }
/*
* This function compares the loaded openssl name with a string <name>
* This function returns 0 if the OpenSSL name starts like the passed parameter,
* 1 otherwise.
*/
int openssl_compare_current_name(const char *name)
{
#ifdef USE_OPENSSL
int name_len = 0;
const char *openssl_version = OpenSSL_version(OPENSSL_VERSION);
if (name) {
name_len = strlen(name);
if (strlen(name) <= strlen(openssl_version))
return strncmp(openssl_version, name, name_len);
}
#endif
return 1;
}
static int init_tools_per_thread() static int init_tools_per_thread()
{ {
/* Let's make each thread start from a different position */ /* Let's make each thread start from a different position */