From: Emeric Brun Date: Wed, 30 Apr 2014 16:49:19 +0000 (+0200) Subject: MINOR: ssl: convert to binary ssl_fc_unique_id and ssl_bc_unique_id. X-Git-Tag: v1.5-dev25~41 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b73a9b039c7d4da4055fb996ed65bbcb8ccfa9e6;p=thirdparty%2Fhaproxy.git MINOR: ssl: convert to binary ssl_fc_unique_id and ssl_bc_unique_id. Previously ssl_fc_unique_id and ssl_bc_unique_id return a string encoded in base64 of the RFC 5929 TLS unique identifier. This patch modify those fetches to return directly the ID in the original binary format. The user can make the choice to encode in base64 using the converter. i.e. : ssl_fc_unique_id,base64 --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 3d4aee7029..8207067a2c 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -10301,10 +10301,10 @@ ssl_bc_protocol : string Returns the name of the used protocol when the outgoing connection was made over an SSL/TLS transport layer. -ssl_bc_unique_id : string +ssl_bc_unique_id : binary When the outgoing connection was made over an SSL/TLS transport layer, - returns a base64 encoded string containing the TLS unique ID as defined - in RFC5929 section 3. + returns the TLS unique ID as defined in RFC5929 section 3. The unique id + can be encoded to base64 using the converter: "ssl_bc_unique_id,base64". ssl_bc_session_id : binary Returns the SSL ID of the back connection when the outgoing connection was 
@@ -10513,10 +10513,10 @@ ssl_fc_protocol : string Returns the name of the used protocol when the incoming connection was made over an SSL/TLS transport layer. -ssl_fc_unique_id : string +ssl_fc_unique_id : binary When the incoming connection was made over an SSL/TLS transport layer, - returns a base64 encoded string containing the TLS unique ID as defined - in RFC5929 section 3. + returns the TLS unique ID as defined in RFC5929 section 3. The unique id + can be encoded to base64 using the converter: "ssl_bc_unique_id,base64". ssl_fc_session_id : binary Returns the SSL ID of the front connection when the incoming connection was diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 19ede39452..229290f864 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -45,7 +45,6 @@ #include #include -#include #include #include #include @@ -2671,9 +2670,7 @@ smp_fetch_ssl_fc_unique_id(struct proxy *px, struct session *l4, void *l7, unsig int back_conn = (kw[4] == 'b') ? 1 : 0; struct connection *conn; int finished_len; - int b64_len; struct chunk *finished_trash; - struct chunk *smp_trash; smp->flags = 0; @@ -2698,15 +2695,9 @@ smp_fetch_ssl_fc_unique_id(struct proxy *px, struct session *l4, void *l7, unsig if (!finished_len) return 0; - smp_trash = get_trash_chunk(); - b64_len = a2base64(finished_trash->str, finished_len, smp_trash->str, smp_trash->size); - if (b64_len < 0) - return 0; - - smp->data.str.str = smp_trash->str; - smp->type = SMP_T_STR; - smp->flags |= SMP_F_CONST; - smp->data.str.len = b64_len; + finished_trash->len = finished_len; + smp->data.str = *finished_trash; + smp->type = SMP_T_BIN; return 1; #else 
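Review bot: `finished_trash->len = finished_len;` takes the length as-is, and the only guard visible above it is `if (!finished_len) return 0;`, so nothing in this hunk ties the length to the bytes actually written into the trash chunk. Because the fetch now hands out `*finished_trash` directly as an SMP_T_BIN sample, that length bounds every later read of the buffer by converters, ACLs and logging. If the call that fills finished_len (outside this hunk, presumably the OpenSSL Finished-message getter) can report more bytes than it copied, the sample would expose stale trash contents. I would tighten the guard to `if (finished_len <= 0 || finished_len > finished_trash->size) return 0;`. The body of smp_fetch_ssl_fc_unique_id starts and ends outside the hunk.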
@@ -3411,7 +3402,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, { { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_UINT, SMP_USE_L5SRV }, { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV }, { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV }, - { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_STR, SMP_USE_L5SRV }, + { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV }, { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_UINT, SMP_USE_L5SRV }, { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV }, { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_UINT, SMP_USE_L5CLI }, @@ -3449,7 +3440,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, { { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI }, #endif { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI }, - { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_STR, SMP_USE_L5CLI }, + { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI }, { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_UINT, SMP_USE_L5CLI }, { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI }, { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
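Review bot: Switching the `ssl_bc_unique_id` entry here, and the `ssl_fc_unique_id` entry in the next hunk, from SMP_T_STR to SMP_T_BIN changes what existing configurations emit without raising any error: a rule that logs the value or forwards it to a peer for RFC 5929 channel-binding comparison no longer gets base64 unless `,base64` is appended. A short comment on the two rows would keep that visible to maintainers, for example `/* raw RFC 5929 tls-unique bytes; append ",base64" where text is expected */`. The ssl_fc_unique_id paragraph in doc/configuration.txt gives its example as "ssl_bc_unique_id,base64", which looks like a copy of the bc text and should probably read `ssl_fc_unique_id,base64`. The sample_fetch_keywords array starts and ends outside both hunks.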