REORG: ssl: move ssl_sock_is_ssl() to connection.h and rename it

This one doesn't use anything from an SSL context, it only checks the type of the transport layer of a connection, thus it belongs to connection.h. This is particularly visible due to all the ifdefs around it in various call places.
2025-05-05 01:07:59 +00:00 · 2021-10-06 11:38:44 +02:00 · 2021-10-06 11:38:44 +02:00 · 1057beecda
commit 1057beecda
parent 340ef2502e
6 changed files with 25 additions and 25 deletions
--- a/include/haproxy/connection.h
+++ b/include/haproxy/connection.h
@ -1227,6 +1227,16 @@ static inline XXH64_hash_t conn_hash_digest(char *buf, size_t bufsize,
 	return (flags_u64 << CONN_HASH_PAYLOAD_LEN) | CONN_HASH_GET_PAYLOAD(hash);
 }

+/* boolean, returns true if connection is over SSL */
+static inline
+int conn_is_ssl(struct connection *conn)
+{
+	if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx)
+		return 0;
+	else
+		return 1;
+}
+
 #endif /* _HAPROXY_CONNECTION_H */

 /*
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@ -145,16 +145,6 @@ int ssl_sock_register_msg_callback(ssl_sock_msg_callback_func func);

 SSL *ssl_sock_get_ssl_object(struct connection *conn);

-/* boolean, returns true if connection is over SSL */
-static inline
-int ssl_sock_is_ssl(struct connection *conn)
-{
-	if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx)
-		return 0;
-	else
-		return 1;
-}
-

 #endif /* USE_OPENSSL */
 #endif /* _HAPROXY_SSL_SOCK_H */
--- a/src/connection.c
+++ b/src/connection.c
@ -1282,7 +1282,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
 		memset(tlv, 0, sizeof(struct tlv_ssl));
 		ssl_tlv_len += sizeof(struct tlv_ssl);
 		tlv->tlv.type = PP2_TYPE_SSL;
-		if (ssl_sock_is_ssl(remote)) {
+		if (conn_is_ssl(remote)) {
 			tlv->client |= PP2_CLIENT_SSL;
 			value = ssl_sock_get_proto_version(remote);
 			if (value) {
--- a/src/mux_fcgi.c
+++ b/src/mux_fcgi.c
@ -1324,7 +1324,7 @@ static int fcgi_set_default_param(struct fcgi_conn *fconn, struct fcgi_strm *fst
 #ifdef USE_OPENSSL
 	if (!(params->mask & FCGI_SP_HTTPS)) {
 		if (cli_conn)
-			params->https = ssl_sock_is_ssl(cli_conn);
+			params->https = conn_is_ssl(cli_conn);
 	}
 #endif
 	if ((params->mask & FCGI_SP_URI_MASK) != FCGI_SP_URI_MASK) {
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -585,7 +585,7 @@ static void ssl_sock_unregister_msg_callbacks(void)

 SSL *ssl_sock_get_ssl_object(struct connection *conn)
 {
-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return NULL;

 	return ((struct ssl_sock_ctx *)(conn->xprt_ctx))->ssl;
@ -6471,7 +6471,7 @@ int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
 	struct ssl_sock_ctx *ctx;
 	X509 *crt;

-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return 0;

 	ctx = conn->xprt_ctx;
@ -6491,7 +6491,7 @@ const char *ssl_sock_get_cert_sig(struct connection *conn)
 	__OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
 	X509 *crt;

-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return NULL;
 	ctx = conn->xprt_ctx;
 	crt = SSL_get_certificate(ctx->ssl);
@ -6507,7 +6507,7 @@ const char *ssl_sock_get_sni(struct connection *conn)
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 	struct ssl_sock_ctx *ctx;

-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return NULL;
 	ctx = conn->xprt_ctx;
 	return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
@ -6521,7 +6521,7 @@ const char *ssl_sock_get_cipher_name(struct connection *conn)
 {
 	struct ssl_sock_ctx *ctx;

-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return NULL;
 	ctx = conn->xprt_ctx;
 	return SSL_get_cipher_name(ctx->ssl);
@ -6532,7 +6532,7 @@ const char *ssl_sock_get_proto_version(struct connection *conn)
 {
 	struct ssl_sock_ctx *ctx;

-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return NULL;
 	ctx = conn->xprt_ctx;
 	return SSL_get_version(ctx->ssl);
@ -6543,7 +6543,7 @@ void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int l
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
 	struct ssl_sock_ctx *ctx;

-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return;
 	ctx = conn->xprt_ctx;
 	SSL_set_alpn_protos(ctx->ssl, alpn, len);
@ -6560,7 +6560,7 @@ void ssl_sock_set_servername(struct connection *conn, const char *hostname)

 	char *prev_name;

-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return;
 	ctx = conn->xprt_ctx;

@ -6597,7 +6597,7 @@ int ssl_sock_get_remote_common_name(struct connection *conn,
 	};
 	int result = -1;

-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		goto out;
 	ctx = conn->xprt_ctx;

@ -6624,7 +6624,7 @@ int ssl_sock_get_cert_used_sess(struct connection *conn)
 	struct ssl_sock_ctx *ctx;
 	X509 *crt = NULL;

-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return 0;
 	ctx = conn->xprt_ctx;

@ -6642,7 +6642,7 @@ int ssl_sock_get_cert_used_conn(struct connection *conn)
 {
 	struct ssl_sock_ctx *ctx;

-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return 0;
 	ctx = conn->xprt_ctx;
 	return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
@ -6653,7 +6653,7 @@ unsigned int ssl_sock_get_verify_result(struct connection *conn)
 {
 	struct ssl_sock_ctx *ctx;

-	if (!ssl_sock_is_ssl(conn))
+	if (!conn_is_ssl(conn))
 		return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
 	ctx = conn->xprt_ctx;
 	return (unsigned int)SSL_get_verify_result(ctx->ssl);
--- a/src/tcpcheck.c
+++ b/src/tcpcheck.c
@ -2290,7 +2290,7 @@ int tcpcheck_main(struct check *check)
 			const char *msg = ((rule->connect.options & TCPCHK_OPT_IMPLICIT) ? NULL : "(tcp-check)");
 			enum healthcheck_status status = HCHK_STATUS_L4OK;
 #ifdef USE_OPENSSL
-			if (ssl_sock_is_ssl(conn))
+			if (conn_is_ssl(conn))
 				status = HCHK_STATUS_L6OK;
 #endif
 			set_server_check_status(check, status, msg);