diff --git a/doc/configuration.txt b/doc/configuration.txt index 3d4aee702..8207067a2 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -10301,10 +10301,10 @@ ssl_bc_protocol : string Returns the name of the used protocol when the outgoing connection was made over an SSL/TLS transport layer. -ssl_bc_unique_id : string +ssl_bc_unique_id : binary When the outgoing connection was made over an SSL/TLS transport layer, - returns a base64 encoded string containing the TLS unique ID as defined - in RFC5929 section 3. + returns the TLS unique ID as defined in RFC5929 section 3. The unique id + can be encoded to base64 using the converter: "ssl_bc_unique_id,base64". ssl_bc_session_id : binary Returns the SSL ID of the back connection when the outgoing connection was @@ -10513,10 +10513,10 @@ ssl_fc_protocol : string Returns the name of the used protocol when the incoming connection was made over an SSL/TLS transport layer. -ssl_fc_unique_id : string +ssl_fc_unique_id : binary When the incoming connection was made over an SSL/TLS transport layer, - returns a base64 encoded string containing the TLS unique ID as defined - in RFC5929 section 3. + returns the TLS unique ID as defined in RFC5929 section 3. The unique id + can be encoded to base64 using the converter: "ssl_bc_unique_id,base64". ssl_fc_session_id : binary Returns the SSL ID of the front connection when the incoming connection was diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 19ede3945..229290f86 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -45,7 +45,6 @@ #include #include -#include #include #include #include @@ -2671,9 +2670,7 @@ smp_fetch_ssl_fc_unique_id(struct proxy *px, struct session *l4, void *l7, unsig int back_conn = (kw[4] == 'b') ? 1 : 0; struct connection *conn; int finished_len; - int b64_len; struct chunk *finished_trash; - struct chunk *smp_trash; smp->flags = 0; 
@@ -2698,15 +2695,9 @@ smp_fetch_ssl_fc_unique_id(struct proxy *px, struct session *l4, void *l7, unsig if (!finished_len) return 0; - smp_trash = get_trash_chunk(); - b64_len = a2base64(finished_trash->str, finished_len, smp_trash->str, smp_trash->size); - if (b64_len < 0) - return 0; - - smp->data.str.str = smp_trash->str; - smp->type = SMP_T_STR; - smp->flags |= SMP_F_CONST; - smp->data.str.len = b64_len; + finished_trash->len = finished_len; + smp->data.str = *finished_trash; + smp->type = SMP_T_BIN; return 1; #else @@ -3411,7 +3402,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, { { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_UINT, SMP_USE_L5SRV }, { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV }, { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV }, - { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_STR, SMP_USE_L5SRV }, + { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV }, { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_UINT, SMP_USE_L5SRV }, { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV }, { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_UINT, SMP_USE_L5CLI }, 
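Review bot: `finished_len` is copied into `finished_trash->len` after only the `if (!finished_len)` test, so a negative value, or one larger than the chunk, would become the length of the binary sample. The call that produces it is outside this hunk; if it is SSL_get_finished()/SSL_get_peer_finished(), OpenSSL returns the full Finished message size even when that exceeds the buffer it was given. I would bound it before use with `if (finished_len <= 0 || finished_len > finished_trash->size) return 0;`. The message is normally far smaller than a trash chunk, but the guard keeps later converters and consumers from reading past the bytes actually written. The sample now aliases the scratch chunk directly and no longer sets `SMP_F_CONST`, which deserves a short comment on buffer lifetime; the body of smp_fetch_ssl_fc_unique_id starts and ends outside the hunk.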
@@ -3449,7 +3440,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
 #endif
 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
- { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
+ { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_UINT, SMP_USE_L5CLI },
 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
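Review bot: Changing `ssl_fc_unique_id` from `SMP_T_STR` to `SMP_T_BIN` silently changes what existing configurations emit. Any rule that logs the value, or forwards it in a header for a channel-binding comparison downstream, stops receiving base64 unless `,base64` is appended. The same holds for `ssl_bc_unique_id` in the previous keyword hunk. This deserves an explicit compatibility note in the keyword documentation, not only the new type. The documentation text this commit adds for `ssl_fc_unique_id` also gives the example as `"ssl_bc_unique_id,base64"`, which presumably should read `"ssl_fc_unique_id,base64"`.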