From: William Lallemand Date: Wed, 3 May 2023 13:13:10 +0000 (+0200) Subject: BUG/MINOR: ssl/sample: x509_v_err_str converter output when not found X-Git-Tag: v2.8-dev10~71 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=117c7fde06ff3d12c887f36040b997374d0449fa;p=thirdparty%2Fhaproxy.git BUG/MINOR: ssl/sample: x509_v_err_str converter output when not found The x509_v_err_str converter now outputs the numerical value as a string when the corresponding constant name was not found. Must be backported as far as 2.7. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 4cbb7a60cd..9d4aa3c247 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -19105,6 +19105,9 @@ x509_v_err_str is useful in ACL in order to have a configuration which works with multiple version of OpenSSL since some codes might change when changing version. + When the corresponding constant name was not found, outputs the numerical + value as a string. + The list of constant provided by OpenSSL can be found at https://www.openssl.org/docs/manmaster/man3/X509_STORE_CTX_get_error.html#ERROR-CODES Be careful to read the page for the right version of OpenSSL. @@ -19121,6 +19124,9 @@ x509_v_err_str http-response add-header X-SSL Expired if cert_expired http-response add-header X-SSL Revoked if cert_revoked + http-response add-header X-SSL-verify %[ssl_c_verify,x509_v_err_str] + + 7.3.2. Fetching samples from internal states -------------------------------------------- diff --git a/src/ssl_sample.c b/src/ssl_sample.c index 30a616253e..5c6ad1ca20 100644 --- a/src/ssl_sample.c +++ b/src/ssl_sample.c 
@@ -410,6 +410,17 @@ static int sample_conv_x509_v_err(const struct arg *arg_p, struct sample *smp, v smp->data.type = SMP_T_STR; smp->flags |= SMP_F_CONST; + return 1; + } else { + struct buffer *smp_trash = get_trash_chunk(); + + /* if the conversion failed, output the numbers as string */ + chunk_printf(smp_trash, "%llu", smp->data.u.sint); + + smp->data.u.str = *smp_trash; + smp->data.type = SMP_T_STR; + smp->flags &= ~SMP_F_CONST; + return 1; }
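Review bot: In the first doc/configuration.txt hunk (@@ -19105), the added sentence states the numeric fallback but not its consequence for the ACL use case described in the paragraph just above it. When the name is not found the output is a number rendered as a string, so an ACL that compares the converter output against a constant name will not match in that case. Suggest saying so explicitly, so that configurations relying on name matching account for codes the converter does not know.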
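Review bot: In the second doc/configuration.txt hunk (@@ -19121), the added example line "http-response add-header X-SSL-verify %[ssl_c_verify,x509_v_err_str]" has no accompanying text telling the reader that the header value can be either a constant name or, after this change, a bare number. Whatever consumes X-SSL-verify has to handle both forms, and a one-line comment in the example would make that visible. The hunk also adds two blank lines before the 7.3.2 heading where one would be enough.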
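Review bot: In the else branch of the src/ssl_sample.c hunk, chunk_printf() formats smp->data.u.sint with "%llu", an unsigned conversion applied to a field whose name indicates a signed integer, so a negative input would be printed as a very large unsigned number. Suggest "%lld" here, or an explicit cast with a comment if unsigned output is intended. The result of the chunk_printf() call is also not checked before the branch assigns *smp_trash to smp->data.u.str and returns 1, so a formatting failure would still be reported as a successful conversion.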