Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / fe68f682b1229a828c565e6825e2f8b881cac50f^! / .
commitfe68f682b1229a828c565e6825e2f8b881cac50f[log] [tgz]
authorEmeric Brun <ebrun@exceliance.fr>Tue Oct 16 14:59:28 2012 +0200
committerWilly Tarreau <w@1wt.eu>Fri Oct 26 15:07:59 2012 +0200
treeb57a05b836beb8a457a73315f36cc9569b346ae9
parent589fcadbd9cc4b2b7ddaed739a3fa5ef7fcfd793 [diff]
MINOR: ssl: add pattern fetch 'ssl_fc_session_id'

This fetch returns the SSL ID of the front connection. Useful to stick
on a given client.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 6450042..88fe71a 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -9094,6 +9094,11 @@
                Returns the name of the used protocol when the incoming connection
                was made over an SSL/TLS transport layer.
 
+  ssl_fc_session_id
+               Returns the SSL ID of the front connection when the incoming
+               connection was made over an SSL/TLS transport layer. Useful to
+               stick on a given client.
+
   ssl_fc_sni   This extracts the Server Name Indication field from an incoming
                connection made via an SSL/TLS transport layer and locally
                deciphered by haproxy. The result typically is a string matching

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 650b281..71d5c51 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -1240,6 +1240,33 @@
 }
 
 static int
+smp_fetch_ssl_fc_session_id(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
+                            const struct arg *args, struct sample *smp)
+{
+#if OPENSSL_VERSION_NUMBER > 0x0090800fL
+	SSL_SESSION *sess;
+
+	smp->flags = 0;
+	smp->type = SMP_T_CBIN;
+
+	if (!l4 || !l4->si[0].conn.xprt_ctx || l4->si[0].conn.xprt != &ssl_sock)
+		return 0;
+
+	sess = SSL_get_session(l4->si[0].conn.xprt_ctx);
+	if (!sess)
+		return 0;
+
+	smp->data.str.str = (char *)SSL_SESSION_get_id(sess, (unsigned int *)&smp->data.str.len);
+	if (!smp->data.str.str || !&smp->data.str.len)
+		return 0;
+
+	return 1;
+#else
+	return 0;
+#endif
+}
+
+static int
 smp_fetch_ssl_fc_sni(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
                      const struct arg *args, struct sample *smp)
 {
@@ -1842,6 +1869,7 @@
 #endif
 	{ "ssl_fc_protocol",        smp_fetch_ssl_fc_protocol,    0,    NULL,    SMP_T_CSTR, SMP_CAP_REQ|SMP_CAP_RES },
 	{ "ssl_fc_use_keysize",     smp_fetch_ssl_fc_use_keysize, 0,    NULL,    SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES },
+	{ "ssl_fc_session_id",      smp_fetch_ssl_fc_session_id,  0,    NULL,    SMP_T_CBIN, SMP_CAP_REQ|SMP_CAP_RES },
 	{ "ssl_fc_sni",             smp_fetch_ssl_fc_sni,         0,    NULL,    SMP_T_CSTR, SMP_CAP_REQ|SMP_CAP_RES },
 	{ NULL, NULL, 0, 0, 0 },
 }};