MEDIUM: ssl: stop using conn->xprt_ctx to access the ssl_sock_ctx
The SSL functions must not use conn->xprt_ctx anymore but find the context
by calling conn_get_ssl_sock_ctx(), which will properly pass through the
transport layers to retrieve the desired information. Otherwise when the
functions are called on a QUIC connection, they refuse to work for not
being called on the proper transport.
diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index a18d66c..fe2817b 100644
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -25,6 +25,7 @@
#include <haproxy/arg.h>
#include <haproxy/base64.h>
#include <haproxy/buf-t.h>
+#include <haproxy/connection.h>
#include <haproxy/conn_stream.h>
#include <haproxy/obj_type.h>
#include <haproxy/openssl-compat.h>
@@ -491,15 +492,12 @@
static int
smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct connection *conn;
- struct ssl_sock_ctx *ctx;
+ struct connection *conn = objt_conn(smp->sess->origin);
+ struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
- conn = objt_conn(smp->sess->origin);
- if (!conn || conn->xprt != &ssl_sock)
+ if (!ctx)
return 0;
- ctx = conn->xprt_ctx;
-
if (conn->flags & CO_FL_WAIT_XPRT) {
smp->flags |= SMP_F_MAY_CHANGE;
return 0;
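Review bot: With `if (!conn || conn->xprt != &ssl_sock)` removed, smp_fetch_ssl_fc_has_crt dereferences `conn->flags` right after `if (!ctx)`, so the NULL check on `conn` now rests entirely on `conn_get_ssl_sock_ctx()` returning NULL for a NULL connection. That helper's definition is not part of this diff, so its NULL handling should be confirmed and recorded at the call site, e.g. `/* conn_get_ssl_sock_ctx() returns NULL for a NULL or non-SSL conn, so conn is valid below */`. The same reliance applies to the hunks at 1175 (`conn_is_ssl(conn)`), 1655 and 1708, where `conn` can be NULL by construction from the `smp->strm ? ... : NULL` ternary. The function body continues outside this hunk.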
@@ -1177,7 +1175,7 @@
smp->strm ? cs_conn(smp->strm->csb) : NULL;
smp->data.type = SMP_T_BOOL;
- smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
+ smp->data.u.sint = conn_is_ssl(conn);
return 1;
}
@@ -1657,9 +1655,9 @@
conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
smp->strm ? cs_conn(smp->strm->csb) : NULL;
- if (!conn || conn->xprt != &ssl_sock)
+ ctx = conn_get_ssl_sock_ctx(conn);
+ if (!ctx)
return 0;
- ctx = conn->xprt_ctx;
if (conn->flags & CO_FL_WAIT_XPRT && !conn->err_code) {
smp->flags = SMP_F_MAY_CHANGE;
@@ -1710,9 +1708,9 @@
conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
smp->strm ? cs_conn(smp->strm->csb) : NULL;
- if (!conn || conn->xprt != &ssl_sock)
+ ctx = conn_get_ssl_sock_ctx(conn);
+ if (!ctx)
return 0;
- ctx = conn->xprt_ctx;
if (conn->flags & CO_FL_WAIT_XPRT && !conn->err_code) {
smp->flags = SMP_F_MAY_CHANGE;
@@ -1976,15 +1974,10 @@
static int
smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct connection *conn;
- struct ssl_sock_ctx *ctx;
-
- conn = objt_conn(smp->sess->origin);
- if (!conn || conn->xprt != &ssl_sock)
- return 0;
- ctx = conn->xprt_ctx;
+ struct connection *conn = objt_conn(smp->sess->origin);
+ struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
- if (conn->flags & CO_FL_WAIT_XPRT && !conn->err_code) {
+ if (conn && conn->flags & CO_FL_WAIT_XPRT && !conn->err_code) {
smp->flags = SMP_F_MAY_CHANGE;
return 0;
}
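Review bot: In smp_fetch_ssl_c_ca_err the `CO_FL_WAIT_XPRT` test now runs before any SSL check, so a non-SSL connection still waiting on its transport gets `smp->flags = SMP_F_MAY_CHANGE`, where the old code returned 0 without touching the sample. smp_fetch_ssl_fc_has_crt in this same commit tests `if (!ctx) return 0;` first. Placing `if (!ctx) return 0;` directly after the declarations would keep the earlier behaviour and, assuming the helper returns NULL for a NULL `conn`, make the added `conn &&` unnecessary; the same ordering appears in smp_fetch_ssl_c_ca_err_depth and smp_fetch_ssl_c_err. For smp_fetch_ssl_c_ca_err the `!ctx` test lies outside the hunk, and since it is now the only guard before `ctx` is used, it should be confirmed to exist. Writing `(conn->flags & CO_FL_WAIT_XPRT)` with parentheses would also make the precedence explicit.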
@@ -2003,18 +1996,13 @@
static int
smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct connection *conn;
- struct ssl_sock_ctx *ctx;
-
- conn = objt_conn(smp->sess->origin);
- if (!conn || conn->xprt != &ssl_sock)
- return 0;
+ struct connection *conn = objt_conn(smp->sess->origin);
+ struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
- if (conn->flags & CO_FL_WAIT_XPRT && !conn->err_code) {
+ if (conn && conn->flags & CO_FL_WAIT_XPRT && !conn->err_code) {
smp->flags = SMP_F_MAY_CHANGE;
return 0;
}
- ctx = conn->xprt_ctx;
if (!ctx)
return 0;
@@ -2030,20 +2018,14 @@
static int
smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct connection *conn;
- struct ssl_sock_ctx *ctx;
-
- conn = objt_conn(smp->sess->origin);
- if (!conn || conn->xprt != &ssl_sock)
- return 0;
+ struct connection *conn = objt_conn(smp->sess->origin);
+ struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
- if (conn->flags & CO_FL_WAIT_XPRT && !conn->err_code) {
+ if (conn && conn->flags & CO_FL_WAIT_XPRT && !conn->err_code) {
smp->flags = SMP_F_MAY_CHANGE;
return 0;
}
- ctx = conn->xprt_ctx;
-
if (!ctx)
return 0;