RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-16 02:26:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: ssl: Export definitions required by QUIC.

Browse Source 
QUIC needs to initialize its BIO and SSL session the same way as for SSL over TCP
connections. It needs also to use the same ClientHello callback.
This patch only exports functions and variables shared between QUIC and SSL/TCP
connections.
This commit is contained in:
Frdric Lcaille 2020-11-23 11:19:04 +01:00 committed by Willy Tarreau
parent 5e3d83a221
commit 901ee2f37b
2 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
include/haproxy/ssl_sock.h
View File

@ -42,6 +42,7 @@ extern struct ssl_bind_kw ssl_bind_kws[];
extern struct methodVersions methodVersions[];
__decl_thread(extern HA_SPINLOCK_T ckch_lock);
extern struct pool_head *pool_head_ssl_capture;
extern int ssl_app_data_index;
extern unsigned int openssl_engines_initialized;
extern int nb_engines;
extern struct xprt_ops ssl_sock;
@ -53,11 +54,14 @@ extern struct pool_head *pool_head_ssl_keylog_str;
int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *, SSL_CTX *ctx, char **err);
int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf);
int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf);
void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf);
int ssl_sock_prepare_srv_ctx(struct server *srv);
void ssl_sock_free_srv_ctx(struct server *srv);
void ssl_sock_free_all_ctx(struct bind_conf *bind_conf);
int ssl_sock_load_ca(struct bind_conf *bind_conf);
void ssl_sock_free_ca(struct bind_conf *bind_conf);
int ssl_bio_and_sess_init(struct connection *conn, SSL_CTX *ssl_ctx,
SSL **ssl, BIO **bio, BIO_METHOD *bio_meth, void *ctx);
const char *ssl_sock_get_sni(struct connection *conn);
const char *ssl_sock_get_cert_sig(struct connection *conn);
const char *ssl_sock_get_cipher_name(struct connection *conn);
@ -88,6 +92,14 @@ int ssl_sock_load_global_dh_param_from_file(const char *filename);
void ssl_free_dh(void);
#endif
void ssl_free_engines(void);
#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv);
#ifdef OPENSSL_IS_BORINGSSL
int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx);
#else
int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg);
#endif
#endif
SSL_CTX *ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key);
SSL_CTX *ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl);

8
src/ssl_sock.c
View File

@ -477,7 +477,7 @@ static STACK_OF(X509_NAME)* ssl_get_client_ca_file(char *path)
struct pool_head *pool_head_ssl_capture = NULL;
int ssl_capture_ptr_index = -1;
static int ssl_app_data_index = -1;
int ssl_app_data_index = -1;
#ifdef HAVE_OPENSSL_KEYLOG
int ssl_keylog_index = -1;
@ -2291,7 +2291,7 @@ static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
{
struct bind_conf *s = priv;
(void)al; /* shut gcc stupid warning */
@ -2302,11 +2302,11 @@ static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
}
#ifdef OPENSSL_IS_BORINGSSL
static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
{
SSL *ssl = ctx->ssl;
#else
static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
{
#endif
struct connection *conn;