RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-05-06 09:48:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: ssl: add pattern fetch 'ssl_fc_session_id'

Browse Source 
This fetch returns the SSL ID of the front connection. Useful to stick
on a given client.
This commit is contained in:
Emeric Brun 2012-10-16 14:59:28 +02:00 committed by Willy Tarreau
parent 589fcadbd9
commit fe68f682b1
2 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/configuration.txt
View File

@ -9094,6 +9094,11 @@ The list of currently supported pattern fetch functions is the following :
Returns the name of the used protocol when the incoming connection Returns the name of the used protocol when the incoming connection
was made over an SSL/TLS transport layer. was made over an SSL/TLS transport layer.
ssl_fc_session_id
Returns the SSL ID of the front connection when the incoming
connection was made over an SSL/TLS transport layer. Useful to
stick on a given client.
ssl_fc_sni This extracts the Server Name Indication field from an incoming ssl_fc_sni This extracts the Server Name Indication field from an incoming
connection made via an SSL/TLS transport layer and locally connection made via an SSL/TLS transport layer and locally
deciphered by haproxy. The result typically is a string matching deciphered by haproxy. The result typically is a string matching

28
src/ssl_sock.c
View File

@ -1239,6 +1239,33 @@ smp_fetch_ssl_fc_protocol(struct proxy *px, struct session *l4, void *l7, unsign
return 1; return 1;
} }
static int
smp_fetch_ssl_fc_session_id(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
#if OPENSSL_VERSION_NUMBER > 0x0090800fL
SSL_SESSION *sess;
smp->flags = 0;
smp->type = SMP_T_CBIN;
if (!l4 || !l4->si[0].conn.xprt_ctx || l4->si[0].conn.xprt != &ssl_sock)
return 0;
sess = SSL_get_session(l4->si[0].conn.xprt_ctx);
if (!sess)
return 0;
smp->data.str.str = (char *)SSL_SESSION_get_id(sess, (unsigned int *)&smp->data.str.len);
if (!smp->data.str.str || !&smp->data.str.len)
return 0;
return 1;
#else
return 0;
#endif
}
static int static int
smp_fetch_ssl_fc_sni(struct proxy *px, struct session *l4, void *l7, unsigned int opt, smp_fetch_ssl_fc_sni(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp) const struct arg *args, struct sample *smp)
@ -1842,6 +1869,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {{ },{
#endif #endif
{ "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_CSTR, SMP_CAP_REQ|SMP_CAP_RES }, { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_CSTR, SMP_CAP_REQ|SMP_CAP_RES },
{ "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES }, { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES },
{ "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_CBIN, SMP_CAP_REQ|SMP_CAP_RES },
{ "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_CSTR, SMP_CAP_REQ|SMP_CAP_RES }, { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_CSTR, SMP_CAP_REQ|SMP_CAP_RES },
{ NULL, NULL, 0, 0, 0 }, { NULL, NULL, 0, 0, 0 },
}}; }};