BUG/MINOR: ssl/sample: x509_v_err_str converter output when not found

The x509_v_err_str converter now outputs the numerical value as a string when the corresponding constant name was not found. Must be backported as far as 2.7.
2025-01-17 11:10:42 +00:00 · 2023-05-03 15:13:10 +02:00 · 2023-05-03 15:13:10 +02:00 · 117c7fde06
commit 117c7fde06
parent 9867987182
2 changed files with 17 additions and 0 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -19105,6 +19105,9 @@ x509_v_err_str
  is useful in ACL in order to have a configuration which works with multiple
  version of OpenSSL since some codes might change when changing version.

+  When the corresponding constant name was not found, outputs the numerical
+  value as a string.
+
  The list of constant provided by OpenSSL can be found at
  https://www.openssl.org/docs/manmaster/man3/X509_STORE_CTX_get_error.html#ERROR-CODES
  Be careful to read the page for the right version of OpenSSL.
@ -19121,6 +19124,9 @@ x509_v_err_str
    http-response add-header X-SSL Expired if cert_expired
    http-response add-header X-SSL Revoked if cert_revoked

+    http-response add-header X-SSL-verify %[ssl_c_verify,x509_v_err_str]
+
+
 7.3.2. Fetching samples from internal states
 --------------------------------------------

--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@ -410,6 +410,17 @@ static int sample_conv_x509_v_err(const struct arg *arg_p, struct sample *smp, v
 		smp->data.type = SMP_T_STR;
 		smp->flags |= SMP_F_CONST;

+		return 1;
+	} else {
+		struct buffer *smp_trash = get_trash_chunk();
+
+		/* if the conversion failed, output the numbers as string */
+		chunk_printf(smp_trash, "%llu", smp->data.u.sint);
+
+		smp->data.u.str = *smp_trash;
+		smp->data.type = SMP_T_STR;
+		smp->flags &= ~SMP_F_CONST;
+
 		return 1;
 	}