From: Nenad Merdanovic Date: Mon, 18 May 2015 00:28:57 +0000 (+0200) Subject: MINOR: Add sample fetch which identifies if the SSL session has been resumed X-Git-Tag: v1.6-dev2~107 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=26ea82219064b1033f45dd8db83e3e0d22432b2d;p=thirdparty%2Fhaproxy.git MINOR: Add sample fetch which identifies if the SSL session has been resumed Signed-off-by: Nenad Merdanovic --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 7af647ff73..1688bd7b4b 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -11962,6 +11962,10 @@ ssl_fc_has_sni : boolean that the SSL library is build with support for TLS extensions enabled (check haproxy -vv). +ssl_fc_is_resumed: boolean + Returns true if the SSL/TLS session has been resumed through the use of + SSL session cache or TLS tickets. + ssl_fc_npn : string This extracts the Next Protocol Negotiation field from an incoming connection made via a TLS transport layer and locally deciphered by haproxy. The result diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 9a47cf14f7..9302869b92 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -3716,6 +3716,19 @@ smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char #endif } +/* boolean, returns true if client session has been resumed */ +static int +smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private) +{ + struct connection *conn = objt_conn(smp->sess->origin); + + smp->type = SMP_T_BOOL; + smp->data.uint = (conn && conn->xprt == &ssl_sock) && + conn->xprt_ctx && + SSL_session_reused(conn->xprt_ctx); + return 1; +} + /* string, returns the used cipher if front conn. transport layer is SSL. * This function is also usable on backend conn if the fetch keyword 5th * char is 'b'. 
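Review bot: `smp_fetch_ssl_fc_is_resumed` always returns 1 and reports false for three distinct situations (a front connection that is not SSL, a missing `xprt_ctx`, and a full handshake that was not resumed), and neither the one-line comment nor the new `configuration.txt` entry says so. This boolean is likely to end up in ACLs or logs that treat resumed and fresh sessions differently, for example to reason about session cache or ticket reuse, so the contract is worth stating: `/* boolean, returns true if the front connection is SSL and its session was resumed (session cache or TLS ticket); false otherwise, including non-SSL connections */`. The function also calls `SSL_session_reused()` without checking in the visible lines that the handshake has completed. That appears to mirror `smp_fetch_ssl_fc_has_sni` just above, but it is worth confirming the value cannot be sampled mid-handshake, where it would read as false.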
@@ -4876,6 +4889,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
+ { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
 #ifdef OPENSSL_NPN_NEGOTIATED
 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
 #endif