MINOR: checks: Add support of server side ssl sample fetches
SSL sample fetches acting on the server connection can now be called from any
sample expression or log-format string in a tcp-check based ruleset. This applies
to the ssl_bc and ssl_bc_* sample fetches.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index c4f9a86..dfaea05 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -8468,8 +8468,13 @@
static int
smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
- smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+ struct connection *conn;
+
+ if (smp->sess && obj_type(smp->sess->origin) == OBJ_TYPE_CHECK)
+ conn = (kw[4] != 'b') ? cs_conn(__objt_check(smp->sess->origin)->cs) : NULL;
+ else
+ conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
+ smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
smp->data.type = SMP_T_BOOL;
smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
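Review bot: The keyword test in the new health-check branch looks inverted: `(kw[4] != 'b') ? cs_conn(__objt_check(smp->sess->origin)->cs) : NULL` gives the check's connection to the ssl_fc* keywords and NULL to ssl_bc*, while the commit message says ssl_bc and ssl_bc_* are the fetches meant to work in tcp-check rulesets. As written, `ssl_bc` evaluated inside a check would always be false, so a rule relying on it to confirm TLS towards the server would never match. If the message states the intent, the line should read `conn = (kw[4] == 'b') ? cs_conn(__objt_check(smp->sess->origin)->cs) : NULL;`. The same line is repeated in every other hunk of this patch (smp_fetch_ssl_fc_is_resumed through smp_fetch_ssl_fc_unique_id), and the function body continues past the end of this hunk.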
@@ -8501,10 +8506,16 @@
static int
smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
- smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
- struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
+ struct connection *conn;
+ struct ssl_sock_ctx *ctx;
+
+ if (smp->sess && obj_type(smp->sess->origin) == OBJ_TYPE_CHECK)
+ conn = (kw[4] != 'b') ? cs_conn(__objt_check(smp->sess->origin)->cs) : NULL;
+ else
+ conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
+ smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+ ctx = conn ? conn->xprt_ctx : NULL;
smp->data.type = SMP_T_BOOL;
smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
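Review bot: The `smp->sess &&` guard covers only the first branch; when smp->sess is NULL the else arm still dereferences `smp->sess->origin` for the ssl_fc* keywords, so either the guard is dead code or the else arm needs it too. Because the same five-line selection is pasted into every fetch touched by this patch, a single static helper would keep the NULL handling and the keyword test in one place. The helper name below is only a suggestion, and it keeps the keyword test exactly as the hunk has it. The body of smp_fetch_ssl_fc_is_resumed ends outside this hunk.

```c
/* proposed helper (name is a suggestion): connection targeted by an
 * ssl_fc* / ssl_bc* keyword, or NULL when there is none */
static inline struct connection *ssl_smp_kw_conn(const struct sample *smp, const char *kw)
{
	if (smp->sess && obj_type(smp->sess->origin) == OBJ_TYPE_CHECK) {
		/* keyword test kept as in the hunk; confirm which side checks should serve */
		return (kw[4] != 'b') ? cs_conn(__objt_check(smp->sess->origin)->cs) : NULL;
	}
	if (kw[4] != 'b')
		return smp->sess ? objt_conn(smp->sess->origin) : NULL;
	return smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
}

/* … unchanged: declarations in smp_fetch_ssl_fc_is_resumed … */
	conn = ssl_smp_kw_conn(smp, kw);
	ctx = conn ? conn->xprt_ctx : NULL;
```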
@@ -8520,10 +8531,15 @@
static int
smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
- smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+ struct connection *conn;
struct ssl_sock_ctx *ctx;
+ if (smp->sess && obj_type(smp->sess->origin) == OBJ_TYPE_CHECK)
+ conn = (kw[4] != 'b') ? cs_conn(__objt_check(smp->sess->origin)->cs) : NULL;
+ else
+ conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
+ smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+
smp->flags = 0;
if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
return 0;
@@ -8548,11 +8564,16 @@
static int
smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
- smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+ struct connection *conn;
struct ssl_sock_ctx *ctx;
int sint;
+ if (smp->sess && obj_type(smp->sess->origin) == OBJ_TYPE_CHECK)
+ conn = (kw[4] != 'b') ? cs_conn(__objt_check(smp->sess->origin)->cs) : NULL;
+ else
+ conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
+ smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+
smp->flags = 0;
if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
return 0;
@@ -8574,10 +8595,15 @@
static int
smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
- smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+ struct connection *conn;
struct ssl_sock_ctx *ctx;
+ if (smp->sess && obj_type(smp->sess->origin) == OBJ_TYPE_CHECK)
+ conn = (kw[4] != 'b') ? cs_conn(__objt_check(smp->sess->origin)->cs) : NULL;
+ else
+ conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
+ smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+
smp->flags = 0;
if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
return 0;
@@ -8603,8 +8629,12 @@
smp->flags = SMP_F_CONST;
smp->data.type = SMP_T_STR;
- conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
- smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+ if (smp->sess && obj_type(smp->sess->origin) == OBJ_TYPE_CHECK)
+ conn = (kw[4] != 'b') ? cs_conn(__objt_check(smp->sess->origin)->cs) : NULL;
+ else
+ conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
+ smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+
if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
return 0;
ctx = conn->xprt_ctx;
@@ -8633,8 +8663,11 @@
smp->flags = SMP_F_CONST;
smp->data.type = SMP_T_STR;
- conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
- smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+ if (smp->sess && obj_type(smp->sess->origin) == OBJ_TYPE_CHECK)
+ conn = (kw[4] != 'b') ? cs_conn(__objt_check(smp->sess->origin)->cs) : NULL;
+ else
+ conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
+ smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
return 0;
@@ -8660,10 +8693,15 @@
static int
smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
- smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+ struct connection *conn;
struct ssl_sock_ctx *ctx;
+ if (smp->sess && obj_type(smp->sess->origin) == OBJ_TYPE_CHECK)
+ conn = (kw[4] != 'b') ? cs_conn(__objt_check(smp->sess->origin)->cs) : NULL;
+ else
+ conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
+ smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+
smp->flags = 0;
if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
return 0;
@@ -8688,8 +8726,7 @@
static int
smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
- smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+ struct connection *conn;
SSL_SESSION *ssl_sess;
struct ssl_sock_ctx *ctx;
unsigned int len = 0;
@@ -8697,6 +8734,12 @@
smp->flags = SMP_F_CONST;
smp->data.type = SMP_T_BIN;
+ if (smp->sess && obj_type(smp->sess->origin) == OBJ_TYPE_CHECK)
+ conn = (kw[4] != 'b') ? cs_conn(__objt_check(smp->sess->origin)->cs) : NULL;
+ else
+ conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
+ smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+
if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
return 0;
ctx = conn->xprt_ctx;
@@ -8719,11 +8762,16 @@
static int
smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
- smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+ struct connection *conn;
struct buffer *data;
struct ssl_sock_ctx *ctx;
+ if (smp->sess && obj_type(smp->sess->origin) == OBJ_TYPE_CHECK)
+ conn = (kw[4] != 'b') ? cs_conn(__objt_check(smp->sess->origin)->cs) : NULL;
+ else
+ conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
+ smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+
if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
return 0;
ctx = conn->xprt_ctx;
@@ -8750,12 +8798,17 @@
static int
smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
- smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+ struct connection *conn;
SSL_SESSION *ssl_sess;
struct buffer *data;
struct ssl_sock_ctx *ctx;
+ if (smp->sess && obj_type(smp->sess->origin) == OBJ_TYPE_CHECK)
+ conn = (kw[4] != 'b') ? cs_conn(__objt_check(smp->sess->origin)->cs) : NULL;
+ else
+ conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
+ smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+
if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
return 0;
ctx = conn->xprt_ctx;
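Review bot: Nothing in this hunk documents that a fetch named for TLS session key material can now, per the commit message, be used in log-format strings of tcp-check rulesets, where its output may end up in health-check logs. The body after the `ctx = conn->xprt_ctx;` line is outside the hunk, so what exactly is exported is inferred from the function name. I would add a comment above the new branch such as `/* also reachable from tcp-check log-format: the returned key material must not reach shared log sinks */` and repeat the caveat in the keyword's documentation. The smp_fetch_ssl_fc_random hunk just above probably deserves the same remark.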
@@ -8903,12 +8956,17 @@
static int
smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
- smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+ struct connection *conn;
int finished_len;
struct buffer *finished_trash;
struct ssl_sock_ctx *ctx;
+ if (smp->sess && obj_type(smp->sess->origin) == OBJ_TYPE_CHECK)
+ conn = (kw[4] != 'b') ? cs_conn(__objt_check(smp->sess->origin)->cs) : NULL;
+ else
+ conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
+ smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+
smp->flags = 0;
if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
return 0;