int ret = -1; /* error by default */
conn = SSL_get_ex_data(s, ssl_app_data_index);
- ref = objt_listener(conn->target)->bind_conf->keys_ref;
+ ref = __objt_listener(conn->target)->bind_conf->keys_ref;
HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
keys = ref->tlskeys;
conn->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
}
- if (objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
+ if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
ssl_sock_dump_errors(conn);
ERR_clear_error();
return 1;
conn->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
/* check if certificate error needs to be ignored */
- if (objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
+ if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
ssl_sock_dump_errors(conn);
ERR_clear_error();
return 1;
SSL_CTX *
ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
{
- struct bind_conf *bind_conf = objt_listener(conn->target)->bind_conf;
+ struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
return ssl_sock_do_create_cert(servername, bind_conf, conn->xprt_ctx);
}
struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
struct server *s;
- s = objt_server(conn->target);
+ s = __objt_server(conn->target);
if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
int len;
servername = SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
sni = servername;
if (!servername) {
- servername = objt_server(conn->target)->ssl_ctx.verify_host;
+ servername = __objt_server(conn->target)->ssl_ctx.verify_host;
if (!servername)
return ok;
}
retry_connect:
/* Alloc a new SSL session ctx */
- conn->xprt_ctx = SSL_new(objt_server(conn->target)->ssl_ctx.ctx);
+ conn->xprt_ctx = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
if (!conn->xprt_ctx) {
if (may_retry--) {
pool_gc(NULL);
}
SSL_set_connect_state(conn->xprt_ctx);
- if (objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
- const unsigned char *ptr = objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
- SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
- if(sess && !SSL_set_session(conn->xprt_ctx, sess)) {
+ if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
+ const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
+ SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
+ if (sess && !SSL_set_session(conn->xprt_ctx, sess)) {
SSL_SESSION_free(sess);
- free(objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
- objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
+ free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
+ __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
} else if (sess) {
SSL_SESSION_free(sess);
}
retry_accept:
/* Alloc a new SSL session ctx */
- conn->xprt_ctx = SSL_new(objt_listener(conn->target)->bind_conf->initial_ctx);
+ conn->xprt_ctx = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
if (!conn->xprt_ctx) {
if (may_retry--) {
pool_gc(NULL);
ERR_clear_error();
/* free resumed session if exists */
- if (objt_server(conn->target) && objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
- free(objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
- objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
+ if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
+ free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
+ __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
}
/* Fail on all other handshake errors */
projects / thirdparty / haproxy.git / commitdiff
