commit 1057beecdabb188ae8c47884dca84eef49fa49be
author Willy Tarreau <w@1wt.eu> Wed Oct 06 11:38:44 2021 +0200
committer Willy Tarreau <w@1wt.eu> Thu Oct 07 01:36:51 2021 +0200
tree 7cf5adc2e9f356cb1cc64c3cd938dd75203e9d78
parent 340ef2502eae2a37781e460d3590982c0e437fbd

REORG: ssl: move ssl_sock_is_ssl() to connection.h and rename it

This one doesn't use anything from an SSL context, it only checks the
type of the transport layer of a connection, thus it belongs to
connection.h. This is particularly visible due to all the ifdefs
around it in various call places.

include/haproxy/connection.h

diff --git a/include/haproxy/connection.h b/include/haproxy/connection.h
index a39c717..bd809e1 100644
--- a/include/haproxy/connection.h
+++ b/include/haproxy/connection.h
@@ -1227,6 +1227,16 @@
 	return (flags_u64 << CONN_HASH_PAYLOAD_LEN) | CONN_HASH_GET_PAYLOAD(hash);
 }
 
+/* boolean, returns true if connection is over SSL */
+static inline
+int conn_is_ssl(struct connection *conn)
+{
+	if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx)
+		return 0;
+	else
+		return 1;
+}
+
 #endif /* _HAPROXY_CONNECTION_H */
 
 /*

include/haproxy/ssl_sock.h

diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
index 5593a93..f3afe61 100644
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -145,16 +145,6 @@
 
 SSL *ssl_sock_get_ssl_object(struct connection *conn);
 
-/* boolean, returns true if connection is over SSL */
-static inline
-int ssl_sock_is_ssl(struct connection *conn)
-{
-	if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx)
-		return 0;
-	else
-		return 1;
-}
-
 
 #endif /* USE_OPENSSL */
 #endif /* _HAPROXY_SSL_SOCK_H */

src/connection.c

diff --git a/src/connection.c b/src/connection.c
index a4a8a8b..eaee319 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -1282,7 +1282,7 @@
 		memset(tlv, 0, sizeof(struct tlv_ssl));
 		ssl_tlv_len += sizeof(struct tlv_ssl);
 		tlv->tlv.type = PP2_TYPE_SSL;
-		if (ssl_sock_is_ssl(remote)) {
+		if (conn_is_ssl(remote)) {
 			tlv->client |= PP2_CLIENT_SSL;
 			value = ssl_sock_get_proto_version(remote);
 			if (value) {

src/mux_fcgi.c

diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c
index 0b29fa0..5ddcd4c 100644
--- a/src/mux_fcgi.c
+++ b/src/mux_fcgi.c
@@ -1324,7 +1324,7 @@
 #ifdef USE_OPENSSL
 	if (!(params->mask & FCGI_SP_HTTPS)) {
 		if (cli_conn)
-			params->https = ssl_sock_is_ssl(cli_conn);
+			params->https = conn_is_ssl(cli_conn);
 	}
 #endif
 	if ((params->mask & FCGI_SP_URI_MASK) != FCGI_SP_URI_MASK) {

src/ssl_sock.c

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 8be8c6f..8f7000d 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -585,7 +585,7 @@
 
 SSL *ssl_sock_get_ssl_object(struct connection *conn)
 {
-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return NULL;
 
 	return ((struct ssl_sock_ctx *)(conn->xprt_ctx))->ssl;
@@ -6471,7 +6471,7 @@
 	struct ssl_sock_ctx *ctx;
 	X509 *crt;
 
-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return 0;
 
 	ctx = conn->xprt_ctx;
@@ -6491,7 +6491,7 @@
 	__OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
 	X509 *crt;
 
-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return NULL;
 	ctx = conn->xprt_ctx;
 	crt = SSL_get_certificate(ctx->ssl);
@@ -6507,7 +6507,7 @@
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 	struct ssl_sock_ctx *ctx;
 
-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return NULL;
 	ctx = conn->xprt_ctx;
 	return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
@@ -6521,7 +6521,7 @@
 {
 	struct ssl_sock_ctx *ctx;
 
-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return NULL;
 	ctx = conn->xprt_ctx;
 	return SSL_get_cipher_name(ctx->ssl);
@@ -6532,7 +6532,7 @@
 {
 	struct ssl_sock_ctx *ctx;
 
-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return NULL;
 	ctx = conn->xprt_ctx;
 	return SSL_get_version(ctx->ssl);
@@ -6543,7 +6543,7 @@
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
 	struct ssl_sock_ctx *ctx;
 
-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return;
 	ctx = conn->xprt_ctx;
 	SSL_set_alpn_protos(ctx->ssl, alpn, len);
@@ -6560,7 +6560,7 @@
 
 	char *prev_name;
 
-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return;
 	ctx = conn->xprt_ctx;
 
@@ -6597,7 +6597,7 @@
 	};
 	int result = -1;
 
-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		goto out;
 	ctx = conn->xprt_ctx;
 
@@ -6624,7 +6624,7 @@
 	struct ssl_sock_ctx *ctx;
 	X509 *crt = NULL;
 
-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return 0;
 	ctx = conn->xprt_ctx;
 
@@ -6642,7 +6642,7 @@
 {
 	struct ssl_sock_ctx *ctx;
 
-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return 0;
 	ctx = conn->xprt_ctx;
 	return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
@@ -6653,7 +6653,7 @@
 {
 	struct ssl_sock_ctx *ctx;
 
-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
 	ctx = conn->xprt_ctx;
 	return (unsigned int)SSL_get_verify_result(ctx->ssl);

src/tcpcheck.c

diff --git a/src/tcpcheck.c b/src/tcpcheck.c
index c34095d..ba8a82a 100644
--- a/src/tcpcheck.c
+++ b/src/tcpcheck.c
@@ -2290,7 +2290,7 @@
 			const char *msg = ((rule->connect.options & TCPCHK_OPT_IMPLICIT) ? NULL : "(tcp-check)");
 			enum healthcheck_status status = HCHK_STATUS_L4OK;
 #ifdef USE_OPENSSL
-			if (ssl_sock_is_ssl(conn))
+			if (conn_is_ssl(conn))
 				status = HCHK_STATUS_L6OK;
 #endif
 			set_server_check_status(check, status, msg);