BUG: ssl: fix ssl_sni ACLs to correctly process regular expressions
authorWilly Tarreau <w@1wt.eu>
Fri, 19 Oct 2012 12:34:30 +0000 (14:34 +0200)
committerWilly Tarreau <w@1wt.eu>
Fri, 19 Oct 2012 12:34:30 +0000 (14:34 +0200)
ssl_sni_reg was using acl_parse_str which is wrong since we're parsing
a regex. Additionally, neither _end nor _reg may be looked up.

src/ssl_sock.c

index 53f6d83ce11bcda3df78e8dbc324e53317323057..f5e68b1d35b39ac7eac237b4f266c9b247667050 100644 (file)
@@ -1774,8 +1774,8 @@ static struct acl_kw_list acl_kws = {{ },{
        { "ssl_npn",                acl_parse_str, smp_fetch_ssl_npn,            acl_match_str,     ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
 #endif
        { "ssl_sni",                acl_parse_str, smp_fetch_ssl_sni,            acl_match_str,     ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
-       { "ssl_sni_end",            acl_parse_str, smp_fetch_ssl_sni,            acl_match_end,     ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
-       { "ssl_sni_reg",            acl_parse_str, smp_fetch_ssl_sni,            acl_match_reg,     ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
+       { "ssl_sni_end",            acl_parse_str, smp_fetch_ssl_sni,            acl_match_end,     ACL_USE_L6REQ_PERMANENT, 0 },
+       { "ssl_sni_reg",            acl_parse_reg, smp_fetch_ssl_sni,            acl_match_reg,     ACL_USE_L6REQ_PERMANENT, 0 },
        { "ssl_verify_caerr",       acl_parse_int, smp_fetch_verify_caerr,       acl_match_int,     ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
        { "ssl_verify_caerr_depth", acl_parse_int, smp_fetch_verify_caerr_depth, acl_match_int,     ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
        { "ssl_verify_crterr",      acl_parse_int, smp_fetch_verify_crterr,      acl_match_int,     ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 },
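Review bot: The two new `ssl_sni_end` and `ssl_sni_reg` rows carry no comment explaining why they drop `ACL_MAY_LOOKUP` while `ssl_sni` keeps it, or why `ssl_sni_reg` needs `acl_parse_reg`, so a keyword later copied from a neighbouring row can reintroduce the same mismatch. I would add a comment above them such as `/* suffix/regex matches: the parser must pair with the matcher (acl_parse_reg <-> acl_match_reg) and ACL_MAY_LOOKUP must not be set, only exact matches may be looked up */`. This matters more than for most keywords because SNI ACLs are commonly used to route or restrict TLS connections by hostname, and a pattern that is parsed one way and matched another presumably fails silently rather than at configuration load. The `acl_kws` initializer starts and ends outside this hunk, so the other `_end`/`_reg` style keywords in the table should be checked for the same parser and flag pairing.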