BUG/MINOR: ssl/sample: x509_v_err_str converter output when not found
The x509_v_err_str converter now outputs the numerical value as a string
when the corresponding constant name was not found.
Must be backported as far as 2.7.
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 4cbb7a6..9d4aa3c24 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -19105,6 +19105,9 @@
is useful in ACL in order to have a configuration which works with multiple
version of OpenSSL since some codes might change when changing version.
+ When the corresponding constant name was not found, outputs the numerical
+ value as a string.
+
The list of constant provided by OpenSSL can be found at
https://www.openssl.org/docs/manmaster/man3/X509_STORE_CTX_get_error.html#ERROR-CODES
Be careful to read the page for the right version of OpenSSL.
@@ -19121,6 +19124,9 @@
http-response add-header X-SSL Expired if cert_expired
http-response add-header X-SSL Revoked if cert_revoked
+ http-response add-header X-SSL-verify %[ssl_c_verify,x509_v_err_str]
+
+
7.3.2. Fetching samples from internal states
--------------------------------------------
diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index 30a6162..5c6ad1c 100644
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -411,6 +411,17 @@
smp->flags |= SMP_F_CONST;
return 1;
+ } else {
+ struct buffer *smp_trash = get_trash_chunk();
+
+ /* if the conversion failed, output the numbers as string */
+ chunk_printf(smp_trash, "%llu", smp->data.u.sint);
+
+ smp->data.u.str = *smp_trash;
+ smp->data.type = SMP_T_STR;
+ smp->flags &= ~SMP_F_CONST;
+
+ return 1;
}
return 0;