MINOR: peers: Make outgoing connection to SSL/TLS peers work.
This patch adds pointer to a struct server to peer structure which
is initialized after having parsed a remote "peer" line.
After having parsed all peers section we run ->prepare_srv to initialize
all SSL/TLS stuff of remote peer (or server).
Remaining thing to do to completely support peer protocol over SSL/TLS:
make "bind" keyword be supported in "peers" sections to make SSL/TLS
incoming connections to local peers work.
May be backported to 1.5 and newer.
diff --git a/include/proto/peers.h b/include/proto/peers.h
index 9d4aaff..ce4feaa 100644
--- a/include/proto/peers.h
+++ b/include/proto/peers.h
@@ -25,9 +25,35 @@
#include <common/config.h>
#include <common/ticks.h>
#include <common/time.h>
+#include <proto/connection.h>
#include <types/stream.h>
#include <types/peers.h>
+#if defined(USE_OPENSSL)
+static inline enum obj_type *peer_session_target(struct peer *p, struct stream *s)
+{
+ if (p->srv->use_ssl)
+ return &p->srv->obj_type;
+ else
+ return &s->be->obj_type;
+}
+
+static inline struct xprt_ops *peer_xprt(struct peer *p)
+{
+ return p->srv->use_ssl ? xprt_get(XPRT_SSL) : xprt_get(XPRT_RAW);
+}
+#else
+static inline enum obj_type *peer_session_target(struct peer *p, struct stream *s)
+{
+ return &s->be->obj_type;
+}
+
+static inline struct xprt_ops *peer_xprt(struct peer *p)
+{
+ return xprt_get(XPRT_RAW);
+}
+#endif
+
int peers_init_sync(struct peers *peers);
void peers_register_table(struct peers *, struct stktable *table);
void peers_setup_frontend(struct proxy *fe);
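Review bot: Both `peer_session_target()` and `peer_xprt()` in the USE_OPENSSL branch dereference `p->srv` without a NULL check, whereas the cfgparse.c loop in this same commit guards with `p->srv && p->srv->use_ssl`. If a peer can reach the connect path with `srv` unset, this is a NULL dereference in the peers session setup in src/peers.c. Use the same guard here: `if (p->srv && p->srv->use_ssl)` in the first helper and `return (p->srv && p->srv->use_ssl) ? xprt_get(XPRT_SSL) : xprt_get(XPRT_RAW);` in the second. A one-line comment above each helper would also help, saying that the server object becomes the connection target only when SSL/TLS is enabled for the peer and that builds without USE_OPENSSL always use the raw transport.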
diff --git a/include/types/peers.h b/include/types/peers.h
index 58c8c4e..5200d56 100644
--- a/include/types/peers.h
+++ b/include/types/peers.h
@@ -67,6 +67,7 @@
struct shared_table *remote_table;
struct shared_table *last_local_table;
struct shared_table *tables;
+ struct server *srv;
__decl_hathreads(HA_SPINLOCK_T lock); /* lock used to handle this peer section */
struct peer *next; /* next peer in the list */
};
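Review bot: The new `srv` member has no comment, unlike `lock` and `next` beside it, and nothing here says who owns it or when it is set. From the cfgparse.c hunk it is assigned only for remote peers, copied from `curpeers->peers_fe->srv`, so it looks like a borrowed pointer that the peer must not free. Suggest `struct server *srv; /* server carrying the SSL/TLS settings for the outgoing connection; set for remote peers only, not owned by the peer */`, adjusted if ownership differs. The struct definition starts outside this hunk.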
diff --git a/src/cfgparse.c b/src/cfgparse.c
index b8f8fea..a5343ea 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -513,6 +513,7 @@
out:
if (id && !p->id)
p->id = strdup(id);
+ free(p->conf.file);
p->conf.args.file = p->conf.file = strdup(file);
p->conf.args.line = p->conf.line = linenum;
@@ -623,9 +624,10 @@
newpeer->sock_init_arg = NULL;
HA_SPIN_INIT(&newpeer->lock);
- if (strcmp(newpeer->id, localpeer) != 0)
- /* We are done. */
+ if (strcmp(newpeer->id, localpeer) != 0) {
+ newpeer->srv = curpeers->peers_fe->srv;
goto out;
+ }
if (cfg_peers->local) {
ha_alert("parsing [%s:%d] : '%s %s' : local peer name already referenced at %s:%d.\n",
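Review bot: `newpeer->srv = curpeers->peers_fe->srv` takes whatever server sits at the head of the peers frontend's list, so it is correct only if the server built from this very "peer" line is the list head at this point, which the hunk does not show. If that assumption breaks, a peer would silently pick up another peer's TLS settings (or NULL), and the outgoing connection would use the wrong verification parameters. State the invariant in a comment, e.g. `/* peers_fe->srv is the server just parsed for this peer line */`, or carry the freshly parsed server pointer explicitly instead of re-reading the list head. The enclosing function starts and ends outside the hunk.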
@@ -3633,6 +3635,13 @@
curpeers->peers_fe = NULL;
}
else {
+ p = curpeers->remote;
+ while (p) {
+ if (p->srv && p->srv->use_ssl &&
+ xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv)
+ cfgerr += xprt_get(XPRT_SSL)->prepare_srv(p->srv);
+ p = p->next;
+ }
if (!peers_init_sync(curpeers)) {
ha_alert("Peers section '%s': out of memory, giving up on peers.\n",
curpeers->id);
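Review bot: A remote peer with `use_ssl` set is silently skipped when `xprt_get(XPRT_SSL)` is NULL or has no `prepare_srv`. The configuration is then accepted with an unprepared server, and the problem only surfaces when the outgoing connection is attempted. That case should raise an alert and be counted in `cfgerr` so the configuration fails closed. Looking the transport up once per peer also removes the three repeated `xprt_get(XPRT_SSL)` calls. The enclosing function starts and ends outside this hunk, and the alert wording below is only a suggestion.

```c
/* … unchanged: else branch opening … */
p = curpeers->remote;
while (p) {
	if (p->srv && p->srv->use_ssl) {
		struct xprt_ops *ssl_xprt = xprt_get(XPRT_SSL);

		if (ssl_xprt && ssl_xprt->prepare_srv)
			cfgerr += ssl_xprt->prepare_srv(p->srv);
		else {
			ha_alert("Peers section '%s': peer '%s' requires SSL/TLS but no SSL transport is available.\n",
				 curpeers->id, p->id);
			cfgerr++;
		}
	}
	p = p->next;
}
/* … unchanged: peers_init_sync() call and its error path … */
```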
diff --git a/src/peers.c b/src/peers.c
index e580f2c..d4d3859 100644
--- a/src/peers.c
+++ b/src/peers.c
@@ -39,6 +39,7 @@
#include <proto/log.h>
#include <proto/hdr_idx.h>
#include <proto/mux_pt.h>
+#include <proto/peers.h>
#include <proto/proxy.h>
#include <proto/session.h>
#include <proto/stream.h>
@@ -1996,10 +1997,10 @@
if (unlikely((cs = cs_new(conn)) == NULL))
goto out_free_conn;
- conn->target = s->target = &s->be->obj_type;
+ conn->target = s->target = peer_session_target(peer, s);
memcpy(&conn->addr.to, &peer->addr, sizeof(conn->addr.to));
- conn_prepare(conn, peer->proto, peer->xprt);
+ conn_prepare(conn, peer->proto, peer_xprt(peer));
conn_install_mux(conn, &mux_pt_ops, cs, s->be, NULL);
si_attach_cs(&s->si[1], cs);