BUG/MINOR: ssl: fix usage of the various sample fetch functions

Technically speaking, many SSL sample fetch functions act on the
connection and depend on USE_L5CLI on the client side, which means
they're usable as soon as a handshake is completed on a connection.
This means that the test consisting in refusing to call them when
the stream is NULL will prevent them from working when we implement
the tcp-request session ruleset. Better fix this now. The fix consists
in using smp->sess->origin when they're called for the front connection,
and smp->strm->si[1].end when called for the back connection.

There is currently no known side effect for this issue, though it would
better be backported into 1.6 so that the code base remains consistend.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 393ec364d393b59594ed02aeb0d06656dca5d5b2..101738859abc3b4f74f2b11c9d4f157edec774a3 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4573,8 +4573,8 @@ smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *
 static int
 smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
-       int back_conn = (kw[4] == 'b') ? 1 : 0;
-       struct connection *conn = smp->strm ? objt_conn(smp->strm->si[back_conn].end) : NULL;
+       struct connection *conn = objt_conn((kw[4] != 'b') ? smp->sess->origin :
+                                           smp->strm ? smp->strm->si[1].end : NULL);
 
        smp->data.type = SMP_T_BOOL;
        smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
@@ -4618,14 +4618,10 @@ smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const ch
 static int
 smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
-       int back_conn = (kw[4] == 'b') ? 1 : 0;
-       struct connection *conn;
-
-       if (!smp->strm)
-               return 0;
+       struct connection *conn = objt_conn((kw[4] != 'b') ? smp->sess->origin :
+                                           smp->strm ? smp->strm->si[1].end : NULL);
 
        smp->flags = 0;
-       conn = objt_conn(smp->strm->si[back_conn].end);
        if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
                return 0;
 
@@ -4648,16 +4644,12 @@ smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *
 static int
 smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
-       int back_conn = (kw[4] == 'b') ? 1 : 0;
-       struct connection *conn;
-       int sint;
+       struct connection *conn = objt_conn((kw[4] != 'b') ? smp->sess->origin :
+                                           smp->strm ? smp->strm->si[1].end : NULL);
 
-       if (!smp->strm)
-               return 0;
+       int sint;
 
        smp->flags = 0;
-
-       conn = objt_conn(smp->strm->si[back_conn].end);
        if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
                return 0;
 
@@ -4677,15 +4669,10 @@ smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const c
 static int
 smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
-       int back_conn = (kw[4] == 'b') ? 1 : 0;
-       struct connection *conn;
-
-       if (!smp->strm)
-               return 0;
+       struct connection *conn = objt_conn((kw[4] != 'b') ? smp->sess->origin :
+                                           smp->strm ? smp->strm->si[1].end : NULL);
 
        smp->flags = 0;
-
-       conn = objt_conn(smp->strm->si[back_conn].end);
        if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
                return 0;
 
@@ -4704,9 +4691,6 @@ smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw,
 {
        struct connection *conn;
 
-       if (!smp->strm)
-               return 0;
-
        smp->flags = SMP_F_CONST;
        smp->data.type = SMP_T_STR;
 
@@ -4731,9 +4715,6 @@ smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw
 {
        struct connection *conn;
 
-       if (!smp->strm)
-               return 0;
-
        smp->flags = SMP_F_CONST;
        smp->data.type = SMP_T_STR;
 
@@ -4759,15 +4740,10 @@ smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw
 static int
 smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
-       int back_conn = (kw[4] == 'b') ? 1 : 0;
-       struct connection *conn;
-
-       if (!smp->strm)
-               return 0;
+       struct connection *conn = objt_conn((kw[4] != 'b') ? smp->sess->origin :
+                                           smp->strm ? smp->strm->si[1].end : NULL);
 
        smp->flags = 0;
-
-       conn = objt_conn(smp->strm->si[back_conn].end);
        if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
                return 0;
 
@@ -4790,17 +4766,14 @@ static int
 smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
 #if OPENSSL_VERSION_NUMBER > 0x0090800fL
-       int back_conn = (kw[4] == 'b') ? 1 : 0;
-       SSL_SESSION *ssl_sess;
-       struct connection *conn;
+       struct connection *conn = objt_conn((kw[4] != 'b') ? smp->sess->origin :
+                                           smp->strm ? smp->strm->si[1].end : NULL);
 
-       if (!smp->strm)
-               return 0;
+       SSL_SESSION *ssl_sess;
 
        smp->flags = SMP_F_CONST;
        smp->data.type = SMP_T_BIN;
 
-       conn = objt_conn(smp->strm->si[back_conn].end);
        if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
                return 0;
 
@@ -4824,9 +4797,6 @@ smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw,
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
        struct connection *conn;
 
-       if (!smp->strm)
-               return 0;
-
        smp->flags = SMP_F_CONST;
        smp->data.type = SMP_T_STR;
 
@@ -4849,17 +4819,13 @@ static int
 smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
 #if OPENSSL_VERSION_NUMBER > 0x0090800fL
-       int back_conn = (kw[4] == 'b') ? 1 : 0;
-       struct connection *conn;
+       struct connection *conn = objt_conn((kw[4] != 'b') ? smp->sess->origin :
+                                           smp->strm ? smp->strm->si[1].end : NULL);
+
        int finished_len;
        struct chunk *finished_trash;
 
-       if (!smp->strm)
-               return 0;
-
        smp->flags = 0;
-
-       conn = objt_conn(smp->strm->si[back_conn].end);
        if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
                return 0;