Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 74f7ffa229bcfaba393da81f9199d77d14c309ec^! / .
commit74f7ffa229bcfaba393da81f9199d77d14c309ec[log] [tgz]
authorEmeric Brun <ebrun@haproxy.com>Mon Feb 19 16:14:12 2018 +0100
committerWilly Tarreau <w@1wt.eu>Mon Feb 19 16:50:20 2018 +0100
tree0d0f6c532e05a53ddf1f7e4753a97688d2cd25fd
parenteb8def9f34c37537d56a69fcd211d4c4c8006bea [diff]
MINOR: ssl/sample: adds ssl_bc_is_resumed fetch keyword.

Returns true when the back connection was made over an SSL/TLS transport
layer and the newly created SSL session was resumed using a cached
session or a TLS ticket.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 14d7063..b770b5c 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -14412,6 +14412,11 @@
   Returns the name of the used cipher when the outgoing connection was made
   over an SSL/TLS transport layer.
 
+ssl_bc_is_resumed : boolean
+  Returns true when the back connection was made over an SSL/TLS transport
+  layer and the newly created SSL session was resumed using a cached
+  session or a TLS ticket.
+
 ssl_bc_protocol : string
   Returns the name of the used protocol when the outgoing connection was made
   over an SSL/TLS transport layer.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6f1c113..fc1ead1 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -6603,11 +6603,16 @@
 #endif
 }
 
-/* boolean, returns true if client session has been resumed */
+/* boolean, returns true if client session has been resumed.
+ * This function is also usable on backend conn if the fetch keyword 5th
+ * char is 'b'.
+ */
 static int
 smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
-	struct connection *conn = objt_conn(smp->sess->origin);
+	struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
+	                                    smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+
 
 	smp->data.type = SMP_T_BOOL;
 	smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
@@ -8519,6 +8524,7 @@
 	{ "ssl_bc",                 smp_fetch_ssl_fc,             0,                   NULL,    SMP_T_BOOL, SMP_USE_L5SRV },
 	{ "ssl_bc_alg_keysize",     smp_fetch_ssl_fc_alg_keysize, 0,                   NULL,    SMP_T_SINT, SMP_USE_L5SRV },
 	{ "ssl_bc_cipher",          smp_fetch_ssl_fc_cipher,      0,                   NULL,    SMP_T_STR,  SMP_USE_L5SRV },
+	{ "ssl_bc_is_resumed",      smp_fetch_ssl_fc_is_resumed,  0,                   NULL,    SMP_T_BOOL, SMP_USE_L5SRV },
 	{ "ssl_bc_protocol",        smp_fetch_ssl_fc_protocol,    0,                   NULL,    SMP_T_STR,  SMP_USE_L5SRV },
 	{ "ssl_bc_unique_id",       smp_fetch_ssl_fc_unique_id,   0,                   NULL,    SMP_T_BIN,  SMP_USE_L5SRV },
 	{ "ssl_bc_use_keysize",     smp_fetch_ssl_fc_use_keysize, 0,                   NULL,    SMP_T_SINT, SMP_USE_L5SRV },