From b73a9b039c7d4da4055fb996ed65bbcb8ccfa9e6 Mon Sep 17 00:00:00 2001 From: Emeric Brun Date: Wed, 30 Apr 2014 18:49:19 +0200 Subject: [PATCH] MINOR: ssl: convert to binary ssl_fc_unique_id and ssl_bc_unique_id. Previously ssl_fc_unique_id and ssl_bc_unique_id return a string encoded in base64 of the RFC 5929 TLS unique identifier. This patch modify those fetches to return directly the ID in the original binary format. The user can make the choice to encode in base64 using the converter. i.e. : ssl_fc_unique_id,base64 --- doc/configuration.txt | 12 ++++++------ src/ssl_sock.c | 19 +++++-------------- 2 files changed, 11 insertions(+), 20 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 3d4aee702..8207067a2 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -10301,10 +10301,10 @@ ssl_bc_protocol : string Returns the name of the used protocol when the outgoing connection was made over an SSL/TLS transport layer. -ssl_bc_unique_id : string +ssl_bc_unique_id : binary When the outgoing connection was made over an SSL/TLS transport layer, - returns a base64 encoded string containing the TLS unique ID as defined - in RFC5929 section 3. + returns the TLS unique ID as defined in RFC5929 section 3. The unique id + can be encoded to base64 using the converter: "ssl_bc_unique_id,base64". ssl_bc_session_id : binary Returns the SSL ID of the back connection when the outgoing connection was 
@@ -10513,10 +10513,10 @@ ssl_fc_protocol : string Returns the name of the used protocol when the incoming connection was made over an SSL/TLS transport layer. -ssl_fc_unique_id : string +ssl_fc_unique_id : binary When the incoming connection was made over an SSL/TLS transport layer, - returns a base64 encoded string containing the TLS unique ID as defined - in RFC5929 section 3. + returns the TLS unique ID as defined in RFC5929 section 3. The unique id + can be encoded to base64 using the converter: "ssl_bc_unique_id,base64". ssl_fc_session_id : binary Returns the SSL ID of the front connection when the incoming connection was diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 19ede3945..229290f86 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -45,7 +45,6 @@ #include #include -#include #include #include #include @@ -2671,9 +2670,7 @@ smp_fetch_ssl_fc_unique_id(struct proxy *px, struct session *l4, void *l7, unsig int back_conn = (kw[4] == 'b') ? 1 : 0; struct connection *conn; int finished_len; - int b64_len; struct chunk *finished_trash; - struct chunk *smp_trash; smp->flags = 0; @@ -2698,15 +2695,9 @@ smp_fetch_ssl_fc_unique_id(struct proxy *px, struct session *l4, void *l7, unsig if (!finished_len) return 0; - smp_trash = get_trash_chunk(); - b64_len = a2base64(finished_trash->str, finished_len, smp_trash->str, smp_trash->size); - if (b64_len < 0) - return 0; - - smp->data.str.str = smp_trash->str; - smp->type = SMP_T_STR; - smp->flags |= SMP_F_CONST; - smp->data.str.len = b64_len; + finished_trash->len = finished_len; + smp->data.str = *finished_trash; + smp->type = SMP_T_BIN; return 1; #else 
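Review bot: `finished_trash->len = finished_len;` in the second smp_fetch_ssl_fc_unique_id hunk takes the length as-is, with only the zero case rejected by the `if (!finished_len)` just above it. The assignment to finished_len sits between the two hunks and is not shown. If it comes from SSL_get_finished()/SSL_get_peer_finished(), those return the full Finished length even when it exceeds the count they were given, so the sample could advertise more bytes than the chunk holds. Since the raw bytes now go straight to whatever consumes the sample, I would tighten the guard to `if (finished_len <= 0 || finished_len > finished_trash->size) return 0;`. The function body starts and ends outside the hunk.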
@@ -3411,7 +3402,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, { { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_UINT, SMP_USE_L5SRV }, { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV }, { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV }, - { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_STR, SMP_USE_L5SRV }, + { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV }, { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_UINT, SMP_USE_L5SRV }, { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV }, { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_UINT, SMP_USE_L5CLI }, @@ -3449,7 +3440,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, { { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI }, #endif { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI }, - { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_STR, SMP_USE_L5CLI }, + { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI }, { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_UINT, SMP_USE_L5CLI }, { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI }, { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
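Review bot: Switching the declared output of `ssl_bc_unique_id` here, and of `ssl_fc_unique_id` in the next hunk, from `SMP_T_STR` to `SMP_T_BIN` is likely to change what existing configurations emit without any warning. A setup that forwards the value in a header or log and compares it on the application side for channel binding would stop matching until `,base64` is appended. I would record that next to each entry, e.g. `/* raw RFC 5929 tls-unique bytes; append ",base64" for the pre-change textual form */`, and call out the incompatibility in the release notes. The ssl_fc_unique_id paragraph in doc/configuration.txt also gives `"ssl_bc_unique_id,base64"` as its example, which looks like a copy-paste slip for `ssl_fc_unique_id,base64` and would return the backend connection's ID if followed literally. The keyword array starts and ends outside both hunks.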