From 01da571e21b47ad6cd26d034477bf144f9b99f9f Mon Sep 17 00:00:00 2001
From: Emmanuel Hocdet
Date: Fri, 13 Oct 2017 16:59:49 +0200
Subject: [PATCH] MINOR: merge ssl_sock_get calls for log and ppv2 Merge ssl_sock_get_version and ssl_sock_get_proto_version. Change ssl_sock_get_cipher to be used in ppv2.
---
 include/proto/ssl_sock.h | 1 -
 src/connection.c | 4 ++--
 src/log.c | 6 ++----
 src/ssl_sock.c | 18 ++++++------------
 4 files changed, 10 insertions(+), 19 deletions(-)
diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
index 8779770e3..86ad137a9 100644
--- a/include/proto/ssl_sock.h
+++ b/include/proto/ssl_sock.h
@@ -52,7 +52,6 @@ int ssl_sock_load_ca(struct bind_conf *bind_conf);
 void ssl_sock_free_ca(struct bind_conf *bind_conf);
 const char *ssl_sock_get_cipher_name(struct connection *conn);
 const char *ssl_sock_get_proto_version(struct connection *conn);
-char *ssl_sock_get_version(struct connection *conn);
 void ssl_sock_set_servername(struct connection *conn, const char *hostname);
 int ssl_sock_get_cert_used_sess(struct connection *conn);
 int ssl_sock_get_cert_used_conn(struct connection *conn);
diff --git a/src/connection.c b/src/connection.c
index a29bc2c32..012f805d3 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -980,7 +980,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
 struct sockaddr_storage *dst = &null_addr;
 #ifdef USE_OPENSSL
- char *value = NULL;
+ const char *value = NULL;
 struct tlv_ssl *tlv;
 int ssl_tlv_len = 0;
 struct chunk *cn_trash;
@@ -1035,7 +1035,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
 tlv->tlv.type = PP2_TYPE_SSL;
 if (ssl_sock_is_ssl(remote)) {
 tlv->client |= PP2_CLIENT_SSL;
- value = ssl_sock_get_version(remote);
+ value = ssl_sock_get_proto_version(remote);
 if (value) {
 ssl_tlv_len += make_tlv(&buf[ret+ssl_tlv_len], (buf_len-ret-ssl_tlv_len), PP2_SUBTYPE_SSL_VERSION, strlen(value), value);
 }
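Review bot: With `value` now declared `const char *` in the first src/connection.c hunk, the `make_tlv(..., strlen(value), value)` call in the second hunk only compiles without a discarded-qualifier warning if make_tlv's last parameter is itself `const char *`. Its prototype is not part of this patch, and make_proxy_line_v2 starts and ends outside both hunks, so that parameter and any later write through `value` should be checked. A comment at the declaration such as `/* read-only string returned by the SSL layer, never modified here */` would record why the qualifier was added.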
diff --git a/src/log.c b/src/log.c
index 520263a71..2af9050a9 100644
--- a/src/log.c
+++ b/src/log.c
@@ -1667,8 +1667,7 @@ int build_logline(struct stream *s, char *dst, size_t maxsize, struct list *list
 src = NULL;
 conn = objt_conn(sess->origin);
 if (conn) {
- if (sess->listener->bind_conf->xprt == xprt_get(XPRT_SSL))
- src = ssl_sock_get_cipher_name(conn);
+ src = ssl_sock_get_cipher_name(conn);
 }
 ret = lf_text(tmplog, src, dst + maxsize - tmplog, tmp);
 if (ret == NULL)
@@ -1681,8 +1680,7 @@ int build_logline(struct stream *s, char *dst, size_t maxsize, struct list *list
 src = NULL;
 conn = objt_conn(sess->origin);
 if (conn) {
- if (sess->listener->bind_conf->xprt == xprt_get(XPRT_SSL))
- src = ssl_sock_get_proto_version(conn);
+ src = ssl_sock_get_proto_version(conn);
 }
 ret = lf_text(tmplog, src, dst + maxsize - tmplog, tmp);
 if (ret == NULL)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 62fcd00bd..b2635405c 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5296,19 +5296,21 @@ static void ssl_sock_shutw(struct connection *conn, int clean)
 }
 }
-/* used for logging, may be changed for a sample fetch later */
+/* used for logging/ppv2, may be changed for a sample fetch later */
 const char *ssl_sock_get_cipher_name(struct connection *conn)
 {
- if (!conn->xprt && !conn->xprt_ctx)
+ if (!ssl_sock_is_ssl(conn))
 return NULL;
+
 return SSL_get_cipher_name(conn->xprt_ctx);
 }
-/* used for logging, may be changed for a sample fetch later */
+/* used for logging/ppv2, may be changed for a sample fetch later */
 const char *ssl_sock_get_proto_version(struct connection *conn)
 {
- if (!conn->xprt && !conn->xprt_ctx)
+ if (!ssl_sock_is_ssl(conn))
 return NULL;
+
 return SSL_get_version(conn->xprt_ctx);
 }
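Review bot: With the listener-side `xprt == xprt_get(XPRT_SSL)` test removed from this cipher-name case, and from the protocol-version case in the next src/log.c hunk, `ssl_sock_is_ssl(conn)` inside the two getters is the only check left before `conn->xprt_ctx` is passed to OpenSSL. Its definition is not visible in this patch, so the removal is safe only if it returns false both for a non-SSL transport and for a connection whose `xprt_ctx` is NULL; that should be confirmed. The old test also looked at the listener's bind configuration while the new one looks at the connection itself, so a comment at each call such as `/* NULL unless <conn> is an SSL connection */` would make the new dependency explicit. The braces around the now single-statement `if (conn)` body could be dropped. build_logline continues outside both hunks.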
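Review bot: The updated header comments on ssl_sock_get_cipher_name() and ssl_sock_get_proto_version() in src/ssl_sock.c name the callers but not the contract those callers now depend on. I would spell it out on each, for example `/* returns the cipher name of <conn>, or NULL when <conn> is not an SSL connection; the returned string is read-only */`, with the matching wording for the protocol version. Within this patch only ssl_sock_get_proto_version() is called from the PROXY v2 code in src/connection.c, so "logging/ppv2" on the cipher getter appears to describe an intended use rather than a current one, and the comment could say so.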
@@ -5510,14 +5512,6 @@ ssl_sock_get_dn_oneline(X509_NAME *a, struct chunk *out)
 return 1;
 }
-char *ssl_sock_get_version(struct connection *conn)
-{
- if (!ssl_sock_is_ssl(conn))
- return NULL;
-
- return (char *)SSL_get_version(conn->xprt_ctx);
-}
-
 /* Sets advertised SNI for outgoing connections. Please set to NULL * to disable SNI. */