mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-03-31 23:58:16 +00:00
MINOR: conf: rename all ssl modules fetches using prefix 'ssl_fc' and 'ssl_c'
SSL fetches were renamed: ssl_fc_* = Front Connection (attributes of the connection itself); ssl_c_* = Client-side certificate.
parent
3476364ce9
commit
2525b6bb92
@ -8272,15 +8272,6 @@ during analysis. This requires that some data has been buffered, for instance
|
||||
through TCP request content inspection. Please see the "tcp-request content"
|
||||
keyword for more detailed information on the subject.
|
||||
|
||||
client_crt
|
||||
Returns true if a client certificate is present in an incoming connection over
|
||||
SSL/TLS transport layer. Useful if 'verify' statement is set to 'optional'.
|
||||
|
||||
is_ssl
|
||||
Returns true when the incoming connection was made via an SSL/TLS transport
|
||||
layer and is locally deciphered. This means it has matched a socket declared
|
||||
with a "bind" line having the "ssl" option.
|
||||
|
||||
rep_ssl_hello_type <integer>
|
||||
Returns true when data in the response buffer looks like a complete SSL (v3
|
||||
or superior) hello message and handshake type is equal to <integer>.
|
||||
@ -8364,14 +8355,47 @@ req_ssl_ver <decimal>
|
||||
SSL transport layer, so this will not work with "bind" lines having the "ssl"
|
||||
option.
|
||||
|
||||
ssl_has_sni
|
||||
ssl_c_ca_err <integer>
|
||||
Returns true when the incoming connection was made over an SSL/TLS transport
|
||||
layer, and the ID of the first error detected during verification of the
|
||||
client certificate at depth > 0 matches the specified value (check man verify
|
||||
for possible values). Note that error zero means no error was encountered
|
||||
during this verification process.
|
||||
|
||||
ssl_c_ca_err_depth <integer>
|
||||
Returns true when the incoming connection was made over an SSL/TLS transport
|
||||
layer, and the depth in the CA chain of the first error detected during the
|
||||
verification of the client certificate matches the specified value. When no
|
||||
error is found, depth 0 is returned.
|
||||
|
||||
ssl_c_err <integer>
|
||||
Returns true when the incoming connection was made over an SSL/TLS transport
|
||||
layer, and the ID of the first error detected during verification at depth==0
|
||||
matches the specified value (check man verify for possible values). Note that
|
||||
error zero means no error was encountered during this verification process.
|
||||
|
||||
ssl_c_verify <integer>
|
||||
Returns true when the incoming connection was made over an SSL/TLS transport
|
||||
layer, and the verify result matches the specified value (check man verify
|
||||
for possible values). Zero indicates no error was detected.
|
||||
|
||||
ssl_fc
|
||||
Returns true when the front connection was made via an SSL/TLS transport
|
||||
layer and is locally deciphered. This means it has matched a socket declared
|
||||
with a "bind" line having the "ssl" option.
|
||||
|
||||
ssl_fc_has_crt
|
||||
Returns true if a client certificate is present in an incoming connection over
|
||||
SSL/TLS transport layer. Useful if 'verify' statement is set to 'optional'.
|
||||
|
||||
ssl_fc_has_sni
|
||||
This is used to check for presence of a Server Name Indication TLS extension
|
||||
in an incoming connection was made over an SSL/TLS transport layer. Returns
|
||||
true when the incoming connection presents a TLS SNI field. This requires
|
||||
that the SSL library is build with support for TLS extensions enabled (check
|
||||
haproxy -vv).
|
||||
|
||||
ssl_npn <string>
|
||||
ssl_fc_npn <string>
|
||||
Returns true when the incoming connection was made over an SSL/TLS transport
|
||||
layer which deciphered it and found a Next Protocol Negociation TLS extension
|
||||
sent by the client, matching the specified string. This requires that the SSL
|
||||
@ -8380,17 +8404,18 @@ ssl_npn <string>
|
||||
the "bind" line specifies a protocol list. Also, nothing forces the client to
|
||||
pick a protocol from this list, any other one may be requested.
|
||||
|
||||
ssl_sni <string>
|
||||
ssl_fc_sni <string>
|
||||
Returns true when the incoming connection was made over an SSL/TLS transport
|
||||
layer which deciphered it and found a Server Name Indication TLS extension
|
||||
sent by the client, matching the specified string. In HTTPS, the SNI field
|
||||
(when present) is equal to the requested host name. This match is different
|
||||
from "req_ssl_sni" above in that it applies to the connection being
|
||||
deciphered by haproxy and not to SSL contents being blindly forwarded.
|
||||
See also "ssl_sni_end" and "ssl_sni_req" below. This requires that the SSL
|
||||
library is build with support for TLS extensions enabled (check haproxy -vv).
|
||||
See also "ssl_fc_sni_end" and "ssl_fc_sni_req" below. This requires that the
|
||||
SSL library is build with support for TLS extensions enabled (check
|
||||
haproxy -vv).
|
||||
|
||||
ssl_sni_end <string>
|
||||
ssl_fc_sni_end <string>
|
||||
Returns true when the incoming connection was made over an SSL/TLS transport
|
||||
layer which deciphered it and found a Server Name Indication TLS extension
|
||||
sent by the client, ending like the specified string. In HTTPS, the SNI field
|
||||
@ -8400,7 +8425,7 @@ ssl_sni_end <string>
|
||||
requires that the SSL library is build with support for TLS extensions
|
||||
enabled (check haproxy -vv).
|
||||
|
||||
ssl_sni_req <regex>
|
||||
ssl_fc_sni_reg <regex>
|
||||
Returns true when the incoming connection was made over an SSL/TLS transport
|
||||
layer which deciphered it and found a Server Name Indication TLS extension
|
||||
sent by the client, matching the specified regex. In HTTPS, the SNI field
|
||||
@ -8410,25 +8435,6 @@ ssl_sni_req <regex>
|
||||
requires that the SSL library is build with support for TLS extensions
|
||||
enabled (check haproxy -vv).
|
||||
|
||||
ssl_verify_caerr <errorID>
|
||||
Returns true when the incoming connection was made over an SSL/TLS transport
|
||||
layer and the ID of the first error detected during verify at depth > 0 match
|
||||
the errorID.
|
||||
|
||||
ssl_verify_caerr_depth <depth>
|
||||
Returns true when the incoming connection was made over an SSL/TLS transport
|
||||
layer and the depth of the first error detected during verify match the
|
||||
depth.
|
||||
|
||||
ssl_verify_crterr <errorID>
|
||||
Returns true when the incoming connection was made over an SSL/TLS transport
|
||||
layer and the ID of the first error detected during verify at depth == 0
|
||||
match the errorID.
|
||||
|
||||
ssl_verify_result <errorID>
|
||||
Returns true when the incoming connection was made over an SSL/TLS transport
|
||||
layer and the verify result match the errorID.
|
||||
|
||||
wait_end
|
||||
Waits for the end of the analysis period to return true. This may be used in
|
||||
conjunction with content analysis to avoid returning a wrong verdict early.
|
||||
@ -8969,9 +8975,6 @@ The list of currently supported pattern fetch functions is the following :
|
||||
shared caches efficiency. Using this with a limited size stick
|
||||
table also allows one to collect statistics about most commonly
|
||||
requested objects by host/path.
|
||||
client_crt
|
||||
Returns 1 if a client certificate is present in an incoming
|
||||
connection over SSL/TLS transport layer, otherwise 0.
|
||||
|
||||
src This is the source IPv4 address of the client of the session.
|
||||
It is of type IPv4 and works on both IPv4 and IPv6 tables.
|
||||
@ -9000,10 +9003,6 @@ The list of currently supported pattern fetch functions is the following :
|
||||
last one. A typical use is with the X-Forwarded-For header once
|
||||
converted to IP, associated with an IP stick-table.
|
||||
|
||||
is_ssl This checks the transport layer used by incoming connection, and
|
||||
returns 1 if the connection was made via an SSL/TLS transport
|
||||
layer, otherwise zero.
|
||||
|
||||
path This extracts the request's URL path (without the host part). A
|
||||
typical use is with prefetch-capable caches, and with portals
|
||||
which need to aggregate multiple information from databases and
|
||||
@ -9031,41 +9030,49 @@ The list of currently supported pattern fetch functions is the following :
|
||||
that this function will be useful but it's available at no cost.
|
||||
It is of type integer and only works with such tables.
|
||||
|
||||
ssl_has_sni This checks the transport layer used by incoming connection, and
|
||||
ssl_c_ca_err Returns the ID of the first error detected during verify of the
|
||||
client certificate at depth > 0, or 0 if no error was detected.
|
||||
|
||||
ssl_c_ca_err_depth
|
||||
Returns the depth of the first error detected during verify. If
|
||||
no error is encountered in the CA chain, zero is returned.
|
||||
|
||||
ssl_c_err Returns the ID of the first error detected during verify of the
|
||||
client certificate at depth == 0, or 0 if no errors.
|
||||
|
||||
ssl_c_verify Returns the verify result errorID when the incoming connection
|
||||
was made over an SSL/TLS transport layer, otherwise zero if no
|
||||
error is encountered.
|
||||
|
||||
ssl_fc This checks the transport layer used on the front connection,
|
||||
and returns 1 if it was made via an SSL/TLS transport layer,
|
||||
otherwise zero.
|
||||
|
||||
ssl_fc_has_crt
|
||||
Returns 1 if a client certificate is present in the front
|
||||
connection over SSL/TLS transport layer, otherwise 0.
|
||||
|
||||
ssl_fc_has_sni
|
||||
This checks the transport layer used by the front connection, and
|
||||
returns 1 if the connection was made via an SSL/TLS transport
|
||||
layer and the client sent a Server Name Indication TLS extension,
|
||||
otherwise zero. This requires that the SSL library is build with
|
||||
support for TLS extensions enabled (check haproxy -vv).
|
||||
|
||||
ssl_npn This extracts the Next Protocol Negociation field from an
|
||||
ssl_fc_npn This extracts the Next Protocol Negociation field from an
|
||||
incoming connection made via an SSL/TLS transport layer and
|
||||
locally deciphered by haproxy. The result is a string containing
|
||||
the protocol name advertised by the client. The SSL library must
|
||||
have been built with support for TLS extensions enabled (check
|
||||
haproxy -vv).
|
||||
haproxy -vv). See also the "npn" bind keyword.
|
||||
|
||||
ssl_sni This extracts the Server Name Indication field from an incoming
|
||||
ssl_fc_sni This extracts the Server Name Indication field from an incoming
|
||||
connection made via an SSL/TLS transport layer and locally
|
||||
deciphered by haproxy. The result typically is a string matching
|
||||
the HTTPS host name (253 chars or less). The SSL library must
|
||||
have been built with support for TLS extensions enabled (check
|
||||
haproxy -vv).
|
||||
|
||||
ssl_verify_caerr
|
||||
Returns the ID of the first error detected during verify at
|
||||
depth > 0 or 0 if no errors.
|
||||
|
||||
ssl_verify_caerr_depth
|
||||
Returns the depth of the first error detected during verify.
|
||||
|
||||
ssl_verify_crterr
|
||||
Returns the ID of the first error detected during verify at
|
||||
depth == 0 or 0 if no errors.
|
||||
|
||||
ssl_verify_result
|
||||
Returns the verify result errorID when the incoming connection
|
||||
was made over an SSL/TLS transport layer.
|
||||
|
||||
url This extracts the request's URL as presented in the request. A
|
||||
typical use is with prefetch-capable caches, and with portals
|
||||
which need to aggregate multiple information from databases and
|
||||
|
@ -1099,8 +1099,8 @@ const char *ssl_sock_get_proto_version(struct connection *conn)
|
||||
|
||||
/* boolean, returns true if client cert was present */
|
||||
static int
|
||||
smp_fetch_client_crt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
const struct arg *args, struct sample *smp)
|
||||
smp_fetch_ssl_fc_has_crt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
const struct arg *args, struct sample *smp)
|
||||
{
|
||||
if (!l4 || l4->si[0].conn.xprt != &ssl_sock)
|
||||
return 0;
|
||||
@ -1118,9 +1118,9 @@ smp_fetch_client_crt(struct proxy *px, struct session *l4, void *l7, unsigned in
|
||||
}
|
||||
|
||||
|
||||
/* boolean, returns true if transport layer is SSL */
|
||||
/* boolean, returns true if front conn. transport layer is SSL */
|
||||
static int
|
||||
smp_fetch_is_ssl(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
smp_fetch_ssl_fc(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
const struct arg *args, struct sample *smp)
|
||||
{
|
||||
smp->type = SMP_T_BOOL;
|
||||
@ -1128,10 +1128,10 @@ smp_fetch_is_ssl(struct proxy *px, struct session *l4, void *l7, unsigned int op
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* boolean, returns true if transport layer is SSL */
|
||||
/* boolean, returns true if client present a SNI */
|
||||
static int
|
||||
smp_fetch_has_sni(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
const struct arg *args, struct sample *smp)
|
||||
smp_fetch_ssl_fc_has_sni(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
const struct arg *args, struct sample *smp)
|
||||
{
|
||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
smp->type = SMP_T_BOOL;
|
||||
@ -1146,8 +1146,8 @@ smp_fetch_has_sni(struct proxy *px, struct session *l4, void *l7, unsigned int o
|
||||
|
||||
#ifdef OPENSSL_NPN_NEGOTIATED
|
||||
static int
|
||||
smp_fetch_ssl_npn(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
const struct arg *args, struct sample *smp)
|
||||
smp_fetch_ssl_fc_npn(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
const struct arg *args, struct sample *smp)
|
||||
{
|
||||
smp->flags = 0;
|
||||
smp->type = SMP_T_CSTR;
|
||||
@ -1167,8 +1167,8 @@ smp_fetch_ssl_npn(struct proxy *px, struct session *l4, void *l7, unsigned int o
|
||||
#endif
|
||||
|
||||
static int
|
||||
smp_fetch_ssl_sni(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
const struct arg *args, struct sample *smp)
|
||||
smp_fetch_ssl_fc_sni(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
const struct arg *args, struct sample *smp)
|
||||
{
|
||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
smp->flags = 0;
|
||||
@ -1188,9 +1188,9 @@ smp_fetch_ssl_sni(struct proxy *px, struct session *l4, void *l7, unsigned int o
|
||||
#endif
|
||||
}
|
||||
|
||||
/* integer, returns the first verify error ID in CA */
|
||||
/* integer, returns the first verify error in CA chain of client certificate chain. */
|
||||
static int
|
||||
smp_fetch_verify_caerr(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
smp_fetch_ssl_c_ca_err(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
const struct arg *args, struct sample *smp)
|
||||
{
|
||||
if (!l4 || l4->si[0].conn.xprt != &ssl_sock)
|
||||
@ -1208,9 +1208,9 @@ smp_fetch_verify_caerr(struct proxy *px, struct session *l4, void *l7, unsigned
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* integer, returns the depth of the first verify error in CA */
|
||||
/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
|
||||
static int
|
||||
smp_fetch_verify_caerr_depth(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
smp_fetch_ssl_c_ca_err_depth(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
const struct arg *args, struct sample *smp)
|
||||
{
|
||||
if (!l4 || l4->si[0].conn.xprt != &ssl_sock)
|
||||
@ -1228,10 +1228,10 @@ smp_fetch_verify_caerr_depth(struct proxy *px, struct session *l4, void *l7, uns
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* integer, returns the depth of the first verify error in CA */
|
||||
/* integer, returns the first verify error on client certificate */
|
||||
static int
|
||||
smp_fetch_verify_crterr(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
const struct arg *args, struct sample *smp)
|
||||
smp_fetch_ssl_c_err(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
const struct arg *args, struct sample *smp)
|
||||
{
|
||||
if (!l4 || l4->si[0].conn.xprt != &ssl_sock)
|
||||
return 0;
|
||||
@ -1248,10 +1248,10 @@ smp_fetch_verify_crterr(struct proxy *px, struct session *l4, void *l7, unsigned
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* integer, returns the verify result */
|
||||
/* integer, returns the verify result on client cert */
|
||||
static int
|
||||
smp_fetch_verify_result(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
const struct arg *args, struct sample *smp)
|
||||
smp_fetch_ssl_c_verify(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
||||
const struct arg *args, struct sample *smp)
|
||||
{
|
||||
if (!l4 || l4->si[0].conn.xprt != &ssl_sock)
|
||||
return 0;
|
||||
@ -1755,17 +1755,17 @@ static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct
|
||||
* Please take care of keeping this list alphabetically sorted.
|
||||
*/
|
||||
static struct sample_fetch_kw_list sample_fetch_keywords = {{ },{
|
||||
{ "client_crt", smp_fetch_client_crt, 0, NULL, SMP_T_BOOL, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
{ "is_ssl", smp_fetch_is_ssl, 0, NULL, SMP_T_BOOL, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
{ "ssl_has_sni", smp_fetch_has_sni, 0, NULL, SMP_T_BOOL, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
{ "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
{ "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
{ "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
{ "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
{ "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
{ "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
{ "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
#ifdef OPENSSL_NPN_NEGOTIATED
|
||||
{ "ssl_npn", smp_fetch_ssl_npn, 0, NULL, SMP_T_CSTR, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
{ "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_CSTR, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
#endif
|
||||
{ "ssl_sni", smp_fetch_ssl_sni, 0, NULL, SMP_T_CSTR, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
{ "ssl_verify_caerr", smp_fetch_verify_caerr, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
{ "ssl_verify_caerr_depth", smp_fetch_verify_caerr_depth, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
{ "ssl_verify_crterr", smp_fetch_verify_crterr, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
{ "ssl_verify_result", smp_fetch_verify_result, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
{ "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_CSTR, SMP_CAP_REQ|SMP_CAP_RES },
|
||||
{ NULL, NULL, 0, 0, 0 },
|
||||
}};
|
||||
|
||||
@ -1773,19 +1773,19 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {{ },{
|
||||
* Please take care of keeping this list alphabetically sorted.
|
||||
*/
|
||||
static struct acl_kw_list acl_kws = {{ },{
|
||||
{ "client_crt", acl_parse_int, smp_fetch_client_crt, acl_match_nothing, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
|
||||
{ "is_ssl", acl_parse_int, smp_fetch_is_ssl, acl_match_nothing, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
|
||||
{ "ssl_has_sni", acl_parse_int, smp_fetch_has_sni, acl_match_nothing, ACL_USE_L6REQ_PERMANENT, 0 },
|
||||
{ "ssl_c_ca_err", acl_parse_int, smp_fetch_ssl_c_ca_err, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
|
||||
{ "ssl_c_ca_err_depth", acl_parse_int, smp_fetch_ssl_c_ca_err_depth, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
|
||||
{ "ssl_c_err", acl_parse_int, smp_fetch_ssl_c_err, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
|
||||
{ "ssl_c_verify", acl_parse_int, smp_fetch_ssl_c_verify, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
|
||||
{ "ssl_fc", acl_parse_int, smp_fetch_ssl_fc, acl_match_nothing, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
|
||||
{ "ssl_fc_has_crt", acl_parse_int, smp_fetch_ssl_fc_has_crt, acl_match_nothing, ACL_USE_L6REQ_PERMANENT, 0 },
|
||||
{ "ssl_fc_has_sni", acl_parse_int, smp_fetch_ssl_fc_has_sni, acl_match_nothing, ACL_USE_L6REQ_PERMANENT, 0 },
|
||||
#ifdef OPENSSL_NPN_NEGOTIATED
|
||||
{ "ssl_npn", acl_parse_str, smp_fetch_ssl_npn, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
|
||||
{ "ssl_fc_npn", acl_parse_str, smp_fetch_ssl_fc_npn, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
|
||||
#endif
|
||||
{ "ssl_sni", acl_parse_str, smp_fetch_ssl_sni, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
|
||||
{ "ssl_sni_end", acl_parse_str, smp_fetch_ssl_sni, acl_match_end, ACL_USE_L6REQ_PERMANENT, 0 },
|
||||
{ "ssl_sni_reg", acl_parse_reg, smp_fetch_ssl_sni, acl_match_reg, ACL_USE_L6REQ_PERMANENT, 0 },
|
||||
{ "ssl_verify_caerr", acl_parse_int, smp_fetch_verify_caerr, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
|
||||
{ "ssl_verify_caerr_depth", acl_parse_int, smp_fetch_verify_caerr_depth, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
|
||||
{ "ssl_verify_crterr", acl_parse_int, smp_fetch_verify_crterr, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
|
||||
{ "ssl_verify_result", acl_parse_int, smp_fetch_verify_result, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
|
||||
{ "ssl_fc_sni", acl_parse_str, smp_fetch_ssl_fc_sni, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
|
||||
{ "ssl_fc_sni_end", acl_parse_str, smp_fetch_ssl_fc_sni, acl_match_end, ACL_USE_L6REQ_PERMANENT, 0 },
|
||||
{ "ssl_fc_sni_reg", acl_parse_reg, smp_fetch_ssl_fc_sni, acl_match_reg, ACL_USE_L6REQ_PERMANENT, 0 },
|
||||
{ NULL, NULL, NULL, NULL },
|
||||
}};
|
||||
|
||||
|
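Review bot: In `acl_kws` the new `ssl_fc_has_crt` entry carries only `ACL_USE_L6REQ_PERMANENT`, while the `client_crt` entry it replaces had `ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP` and the sibling `ssl_fc` entry keeps `ACL_MAY_LOOKUP`; the commit message describes a pure rename, so this flag change looks unintended or at least undocumented. If it is not deliberate, the line should read `{ "ssl_fc_has_crt", acl_parse_int, smp_fetch_ssl_fc_has_crt, acl_match_nothing, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },`. The old keywords (`client_crt`, `is_ssl`, `ssl_sni*`, `ssl_verify_*`) are dropped from both tables with no alias, so configurations that gate access on them presumably stop parsing after an upgrade; the description should say so, so that operators rename their client-certificate ACLs rather than remove the failing rules. The documentation part of this commit cites `ssl_fc_sni_req` in a see-also and still mentions `ssl_sni_req`, whereas the table registers `ssl_fc_sni_reg`. The fetch function bodies start and end outside the visible hunks, so only the signatures and table entries were reviewed.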