MINOR: ssl: convert to binary ssl_fc_unique_id and ssl_bc_unique_id.
Previously ssl_fc_unique_id and ssl_bc_unique_id returned a base64-encoded
string of the RFC 5929 TLS unique identifier. This patch modifies those fetches
to return the ID directly in its original binary format. The user can choose
to encode it in base64 using the converter.
i.e. : ssl_fc_unique_id,base64
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 3d4aee7..8207067 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -10301,10 +10301,10 @@
Returns the name of the used protocol when the outgoing connection was made
over an SSL/TLS transport layer.
-ssl_bc_unique_id : string
+ssl_bc_unique_id : binary
When the outgoing connection was made over an SSL/TLS transport layer,
- returns a base64 encoded string containing the TLS unique ID as defined
- in RFC5929 section 3.
+ returns the TLS unique ID as defined in RFC5929 section 3. The unique id
+ can be encoded to base64 using the converter: "ssl_bc_unique_id,base64".
ssl_bc_session_id : binary
Returns the SSL ID of the back connection when the outgoing connection was
@@ -10513,10 +10513,10 @@
Returns the name of the used protocol when the incoming connection was made
over an SSL/TLS transport layer.
-ssl_fc_unique_id : string
+ssl_fc_unique_id : binary
When the incoming connection was made over an SSL/TLS transport layer,
- returns a base64 encoded string containing the TLS unique ID as defined
- in RFC5929 section 3.
+ returns the TLS unique ID as defined in RFC5929 section 3. The unique id
+ can be encoded to base64 using the converter: "ssl_bc_unique_id,base64".
ssl_fc_session_id : binary
Returns the SSL ID of the front connection when the incoming connection was
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 19ede39..229290f 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -45,7 +45,6 @@
#include <openssl/err.h>
#include <openssl/rand.h>
-#include <common/base64.h>
#include <common/buffer.h>
#include <common/compat.h>
#include <common/config.h>
@@ -2671,9 +2670,7 @@
int back_conn = (kw[4] == 'b') ? 1 : 0;
struct connection *conn;
int finished_len;
- int b64_len;
struct chunk *finished_trash;
- struct chunk *smp_trash;
smp->flags = 0;
@@ -2698,15 +2695,9 @@
if (!finished_len)
return 0;
- smp_trash = get_trash_chunk();
- b64_len = a2base64(finished_trash->str, finished_len, smp_trash->str, smp_trash->size);
- if (b64_len < 0)
- return 0;
-
- smp->data.str.str = smp_trash->str;
- smp->type = SMP_T_STR;
- smp->flags |= SMP_F_CONST;
- smp->data.str.len = b64_len;
+ finished_trash->len = finished_len;
+ smp->data.str = *finished_trash;
+ smp->type = SMP_T_BIN;
return 1;
#else
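Review bot: `finished_trash->len = finished_len;` publishes the length unchecked, and the only guard visible in this hunk is `if (!finished_len)`, so a negative value or one larger than `finished_trash->size` would become the sample length. The call that fills `finished_len` is above the hunk, so its bounding cannot be confirmed from here; if it is OpenSSL's SSL_get_finished()/SSL_get_peer_finished(), those return the full Finished length even when fewer bytes were copied. The removed a2base64() path was at least limited by the output buffer size and failed on error, so I would tighten the guard to `if (finished_len <= 0 || finished_len > finished_trash->size) return 0;`. A short comment that `smp->data.str` now aliases the trash chunk, and that SMP_F_CONST is deliberately no longer set, would also help the next reader; the function starts and ends outside the hunk.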
@@ -3411,7 +3402,7 @@
{ "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_UINT, SMP_USE_L5SRV },
{ "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
{ "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
- { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
+ { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
{ "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_UINT, SMP_USE_L5SRV },
{ "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
{ "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_UINT, SMP_USE_L5CLI },
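Review bot: Switching `ssl_bc_unique_id` to `SMP_T_BIN` here (and `ssl_fc_unique_id` in the next hunk) changes what existing configurations receive without any parse-time signal, so rules or log formats that expected the base64 text will presumably now see raw tls-unique bytes or a cast of them. Since this value is used for channel binding, a silent mismatch is worth calling out; I would add a comment above both entries such as `/* raw RFC 5929 tls-unique bytes; append ",base64" for the former text form */`. The configuration.txt text added for `ssl_fc_unique_id` in this same commit gives `"ssl_bc_unique_id,base64"` as its example, which looks like a copy-paste slip and should name the fc fetch.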
@@ -3449,7 +3440,7 @@
{ "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
#endif
{ "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
- { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
+ { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
{ "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_UINT, SMP_USE_L5CLI },
{ "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
{ "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },