From 1055e687a2dc936aac2da0ad3460de40e1d5480f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Thu, 26 Apr 2018 14:35:21 +0200
Subject: [PATCH] MINOR: peers: Make outgoing connection to SSL/TLS peers work.
This patch adds pointer to a struct server to peer structure which is initialized after having parsed a remote "peer" line. After having parsed all peers section we run ->prepare_srv to initialize all SSL/TLS stuff of remote perr (or server). Remaining thing to do to completely support peer protocol over SSL/TLS: make "bind" keyword be supported in "peers" sections to make SSL/TLS incoming connections to local peers work. May be backported to 1.5 and newer.
---
 include/proto/peers.h | 26 ++++++++++++++++++++++++++
 include/types/peers.h | 1 +
 src/cfgparse.c | 13 +++++++++++--
 src/peers.c | 5 +++--
 4 files changed, 41 insertions(+), 4 deletions(-)
diff --git a/include/proto/peers.h b/include/proto/peers.h
index 9d4aaff23..ce4feaa4c 100644
--- a/include/proto/peers.h
+++ b/include/proto/peers.h
@@ -25,9 +25,35 @@
 #include
 #include
 #include
+#include
 #include
 #include
+#if defined(USE_OPENSSL)
+static inline enum obj_type *peer_session_target(struct peer *p, struct stream *s)
+{
+ if (p->srv->use_ssl)
+ return &p->srv->obj_type;
+ else
+ return &s->be->obj_type;
+}
+
+static inline struct xprt_ops *peer_xprt(struct peer *p)
+{
+ return p->srv->use_ssl ? xprt_get(XPRT_SSL) : xprt_get(XPRT_RAW);
+}
+#else
+static inline enum obj_type *peer_session_target(struct peer *p, struct stream *s)
+{
+ return &s->be->obj_type;
+}
+
+static inline struct xprt_ops *peer_xprt(struct peer *p)
+{
+ return xprt_get(XPRT_RAW);
+}
+#endif
+
 int peers_init_sync(struct peers *peers);
 void peers_register_table(struct peers *, struct stktable *table);
 void peers_setup_frontend(struct proxy *fe);
diff --git a/include/types/peers.h b/include/types/peers.h
index 58c8c4ee9..5200d56b7 100644
--- a/include/types/peers.h
+++ b/include/types/peers.h
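Review bot: Both USE_OPENSSL helpers dereference `p->srv` unconditionally, while the loop added in src/cfgparse.c guards the same access with `p->srv && p->srv->use_ssl`; since the cfg_parse_peers hunk assigns `srv` only on the non-local path, any caller reaching peer_session_target() or peer_xprt() with a peer whose server was never attached would crash on a NULL pointer. Suggest aligning the helpers with the cfgparse check so they degrade to the behaviour the non-OpenSSL build already has: `if (p->srv && p->srv->use_ssl)` in peer_session_target and `return (p->srv && p->srv->use_ssl) ? xprt_get(XPRT_SSL) : xprt_get(XPRT_RAW);` in peer_xprt. Both helpers are also new and undocumented; a one-line comment above each stating that the transport and target for an outgoing peer connection are taken from the peer's server object (SSL when that server has ssl enabled, raw otherwise) would make the contract explicit for the peers.c caller.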
@@ -67,6 +67,7 @@ struct peer {
 struct shared_table *remote_table;
 struct shared_table *last_local_table;
 struct shared_table *tables;
+ struct server *srv;
 __decl_hathreads(HA_SPINLOCK_T lock); /* lock used to handle this peer section */
 struct peer *next; /* next peer in the list */
 };
diff --git a/src/cfgparse.c b/src/cfgparse.c
index b8f8fea48..a5343ea9f 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -513,6 +513,7 @@ static int init_peers_frontend(const char *file, int linenum,
 out:
 if (id && !p->id)
 p->id = strdup(id);
+ free(p->conf.file);
 p->conf.args.file = p->conf.file = strdup(file);
 p->conf.args.line = p->conf.line = linenum;
@@ -623,9 +624,10 @@ int cfg_parse_peers(const char *file, int linenum, char **args, int kwm)
 newpeer->sock_init_arg = NULL;
 HA_SPIN_INIT(&newpeer->lock);
- if (strcmp(newpeer->id, localpeer) != 0)
- /* We are done. */
+ if (strcmp(newpeer->id, localpeer) != 0) {
+ newpeer->srv = curpeers->peers_fe->srv;
 goto out;
+ }
 if (cfg_peers->local) {
 ha_alert("parsing [%s:%d] : '%s %s' : local peer name already referenced at %s:%d.\n",
@@ -3633,6 +3635,13 @@ out_uri_auth_compat:
 curpeers->peers_fe = NULL;
 }
 else {
+ p = curpeers->remote;
+ while (p) {
+ if (p->srv && p->srv->use_ssl &&
+ xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv)
+ cfgerr += xprt_get(XPRT_SSL)->prepare_srv(p->srv);
+ p = p->next;
+ }
 if (!peers_init_sync(curpeers)) {
 ha_alert("Peers section '%s': out of memory, giving up on peers.\n",
 curpeers->id);
diff --git a/src/peers.c b/src/peers.c
index e580f2ca8..d4d3859e3 100644
--- a/src/peers.c
+++ b/src/peers.c
@@ -39,6 +39,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
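Review bot: The new `srv` member is the only field in this part of `struct peer` without a trailing comment, and its lifecycle is not obvious from the header: the cfgparse.c hunk assigns it only for peers whose id differs from localpeer, so it is presumably left NULL for the local peer. Suggest `struct server *srv; /* server used for outgoing connections to this remote peer; not set for the local peer */`, so that code taking `p->srv->...` without a check (as the new proto/peers.h helpers do) can be judged against a stated invariant. The struct definition starts before this hunk.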
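Review bot: The added `free(p->conf.file)` implies init_peers_frontend can be invoked more than once for the same frontend, each call replacing the recorded file:line while (per the `if (id && !p->id)` just above) keeping the first id, but nothing in the function states that; a short comment would spare the next reader the inference, e.g. `/* may be called several times for one peers section: keep the first id, record the latest file:line */`. The `strdup(file)` on the following line is still unchecked, so `p->conf.file` can become NULL under allocation failure; that is pre-existing, but the commit touches the line immediately above it. The function begins outside the hunk.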
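Review bot: `newpeer->srv = curpeers->peers_fe->srv;` binds the peer to whatever server currently heads the peers frontend's list and dereferences `peers_fe` without a check; neither the frontend allocation nor the parse of that server is visible in the hunk, so the binding is correct only if the server for this 'peer' line has just been prepended, an ordering assumption that is easy to break later. Suggest a comment on that line, `/* the server just created for this 'peer' line is at the head of peers_fe->srv */`, and a NULL check on `curpeers->peers_fe` if this path can be reached before the frontend exists. The dropped `/* We are done. */` comment could simply move inside the new braces. The enclosing function continues outside the hunk.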
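Review bot: A peer whose server has `use_ssl` set but for which `xprt_get(XPRT_SSL)` is NULL (a case this condition explicitly anticipates) is silently skipped instead of reported, and the new peer_xprt() helper in include/proto/peers.h would later hand conn_prepare() that same NULL transport; counting this as a configuration error with an ha_alert and `cfgerr++` would fail at startup rather than at connect time. Independently, `xprt_get(XPRT_SSL)` is evaluated up to three times per peer; hoisting it reads better: `struct xprt_ops *ssl_xprt = xprt_get(XPRT_SSL);` before the loop, `if (p->srv && p->srv->use_ssl && ssl_xprt && ssl_xprt->prepare_srv)` and `cfgerr += ssl_xprt->prepare_srv(p->srv);` inside it. The declaration of `p` is outside the hunk.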
@@ -1996,10 +1997,10 @@ static struct appctx *peer_session_create(struct peers *peers, struct peer *peer
 if (unlikely((cs = cs_new(conn)) == NULL))
 goto out_free_conn;
- conn->target = s->target = &s->be->obj_type;
+ conn->target = s->target = peer_session_target(peer, s);
 memcpy(&conn->addr.to, &peer->addr, sizeof(conn->addr.to));
- conn_prepare(conn, peer->proto, peer->xprt);
+ conn_prepare(conn, peer->proto, peer_xprt(peer));
 conn_install_mux(conn, &mux_pt_ops, cs, s->be, NULL);
 si_attach_cs(&s->si[1], cs);
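Review bot: `peer_xprt(peer)` is passed straight into conn_prepare() without a NULL check, yet the src/cfgparse.c hunk treats `xprt_get(XPRT_SSL)` returning NULL as possible, so an ssl-enabled peer on such a build would reach conn_prepare() with a NULL transport. Because `cs` is already allocated at this point and only `out_free_conn` is visible, the check belongs before the `cs_new()` call, e.g. `if (!peer_xprt(peer)) goto out_free_conn;`, unless the transport is validated once at configuration time so this path cannot be reached. `peer->xprt` is no longer consulted for outgoing connections here; if that member is still written in cfg_parse_peers it is now dead for this path and deserves a comment or removal so the two sources of truth do not drift. peer_session_create starts and ends outside the hunk.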