Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 4450b587dd3065d22678d537d1082ec2567e98a8^! / . / include / types / connection.h
commit4450b587dd3065d22678d537d1082ec2567e98a8[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Thu Jan 23 15:23:13 2020 +0100
committerWilly Tarreau <w@1wt.eu>Thu Jan 23 16:34:26 2020 +0100
treed1997c1d1d4f5c8881ecde791cc49f8c4806a4b5
parent18955db43dd242c96f81f248b11ae56e01a21e89 [diff] [blame]
MINOR: connection: remove CO_FL_SSL_WAIT_HS from CO_FL_HANDSHAKE

Most places continue to check CO_FL_HANDSHAKE while in fact they should
check CO_FL_HANDSHAKE_NOSSL, which contains all handshakes but the one
dedicated to SSL renegotiation. In fact the SSL layer should be the
only one checking CO_FL_SSL_WAIT_HS, so as to avoid processing data
when a renegotiation is in progress, but other ones randomly include it
without knowing. And ideally it should even be an internal flag that's
not exposed in the connection.

This patch takes CO_FL_SSL_WAIT_HS out of CO_FL_HANDSHAKE, uses this flag
consistently all over the code, and gets rid of CO_FL_HANDSHAKE_NOSSL.

In order to limit the confusion that has accumulated over time, the
CO_FL_SSL_WAIT_HS flag which indicates an ongoing SSL handshake,
possibly used by a renegotiation was moved after the other ones.

diff --git a/include/types/connection.h b/include/types/connection.h
index 22e4ed6..0e98b64 100644
--- a/include/types/connection.h
+++ b/include/types/connection.h

@@ -182,18 +182,18 @@
 	CO_FL_WAIT_L6_CONN  = 0x00800000,  /* waiting for L6 to be connected (eg: SSL) */
 	CO_FL_WAIT_L4L6     = 0x00C00000,  /* waiting for L4 and/or L6 to be connected */
 
-	/*** All the flags below are used for connection handshakes. Any new
+	/* All the flags below are used for connection handshakes. Any new
 	 * handshake should be added after this point, and CO_FL_HANDSHAKE
 	 * should be updated.
 	 */
 	CO_FL_SEND_PROXY    = 0x01000000,  /* send a valid PROXY protocol header */
-	CO_FL_SSL_WAIT_HS   = 0x02000000,  /* wait for an SSL handshake to complete */
-	CO_FL_ACCEPT_PROXY  = 0x04000000,  /* receive a valid PROXY protocol header */
-	CO_FL_ACCEPT_CIP    = 0x08000000,  /* receive a valid NetScaler Client IP header */
+	CO_FL_ACCEPT_PROXY  = 0x02000000,  /* receive a valid PROXY protocol header */
+	CO_FL_ACCEPT_CIP    = 0x04000000,  /* receive a valid NetScaler Client IP header */
 
 	/* below we have all handshake flags grouped into one */
-	CO_FL_HANDSHAKE     = CO_FL_SEND_PROXY | CO_FL_SSL_WAIT_HS | CO_FL_ACCEPT_PROXY | CO_FL_ACCEPT_CIP | CO_FL_SOCKS4_SEND | CO_FL_SOCKS4_RECV,
-	CO_FL_HANDSHAKE_NOSSL = CO_FL_SEND_PROXY | CO_FL_ACCEPT_PROXY | CO_FL_ACCEPT_CIP | CO_FL_SOCKS4_SEND | CO_FL_SOCKS4_RECV,
+	CO_FL_HANDSHAKE     = CO_FL_SEND_PROXY | CO_FL_ACCEPT_PROXY | CO_FL_ACCEPT_CIP | CO_FL_SOCKS4_SEND | CO_FL_SOCKS4_RECV,
+
+	CO_FL_SSL_WAIT_HS   = 0x08000000,  /* wait for an SSL handshake to complete */
 
 	/* This connection may not be shared between clients */
 	CO_FL_PRIVATE       = 0x10000000,