commit 579259d150d50468e7ad8efe917910c090483cce
author Willy Tarreau <w@1wt.eu> Fri Nov 05 19:12:54 2021 +0100
committer Willy Tarreau <w@1wt.eu> Sat Nov 06 09:20:07 2021 +0100
tree f64b3bbe716b1df449d5914a810732d72e3fdc8f
parent 2ed7350f4ca0ce97ceae8fa45b475e1fe1ca8165

MINOR: ssl: make the ssl_fc_sni() sample-fetch function always available

Its definition is enclosed inside an ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
which is defined since OpenSSL 0.9.8. Having it conditioned like this
prevents us from using it by default in a log format, which could cause
an error on an old or exotic library.

Let's just always define it and make the sample fetch fail to return
anything on such libs instead.

src/ssl_sample.c

diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index e9098e9..8aaead2 100644
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -1549,10 +1549,10 @@
 }
 #endif
 
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 static int
 smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 	struct connection *conn;
 	SSL *ssl;
 
@@ -1570,8 +1570,11 @@
 
 	smp->data.u.str.data = strlen(smp->data.u.str.area);
 	return 1;
-}
+#else
+	/* SNI not supported */
+	return 0;
 #endif
+}
 
 /* binary, returns tls client hello cipher list.
  * Arguments: filter_option (0,1)
@@ -2190,9 +2193,7 @@
 	{ "ssl_fc_early_exporter_secret",           smp_fetch_ssl_x_keylog,       0,   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
 #endif
 
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 	{ "ssl_fc_sni",             smp_fetch_ssl_fc_sni,         0,                   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
-#endif
 	{ "ssl_fc_cipherlist_bin",  smp_fetch_ssl_fc_cl_bin,      ARG1(0,SINT),        NULL,    SMP_T_STR,  SMP_USE_L5CLI },
 	{ "ssl_fc_cipherlist_hex",  smp_fetch_ssl_fc_cl_hex,      ARG1(0,SINT),        NULL,    SMP_T_BIN,  SMP_USE_L5CLI },
 	{ "ssl_fc_cipherlist_str",  smp_fetch_ssl_fc_cl_str,      ARG1(0,SINT),        NULL,    SMP_T_STR,  SMP_USE_L5CLI },