MINOR: peers: Make outgoing connection to SSL/TLS peers work.
authorFrédéric Lécaille <flecaille@haproxy.com>
Thu, 26 Apr 2018 12:35:21 +0000 (14:35 +0200)
committerWilly Tarreau <w@1wt.eu>
Fri, 18 Jan 2019 13:26:21 +0000 (14:26 +0100)
This patch adds pointer to a struct server to peer structure which
is initialized after having parsed a remote "peer" line.

After having parsed all peers sections we run ->prepare_srv to initialize
all SSL/TLS stuff of the remote peer (or server).

Remaining thing to do to completely support peer protocol over SSL/TLS:
make "bind" keyword be supported in "peers" sections to make SSL/TLS
incoming connections to local peers work.

May be backported to 1.5 and newer.

include/proto/peers.h
include/types/peers.h
src/cfgparse.c
src/peers.c

index 9d4aaff232e930667dc559af2da658019ef18cc8..ce4feaa4c6f34362b256d1332f2a33d5c76f08d9 100644 (file)
 #include <common/config.h>
 #include <common/ticks.h>
 #include <common/time.h>
+#include <proto/connection.h>
 #include <types/stream.h>
 #include <types/peers.h>
 
+#if defined(USE_OPENSSL)
+static inline enum obj_type *peer_session_target(struct peer *p, struct stream *s)
+{
+       if (p->srv->use_ssl)
+               return &p->srv->obj_type;
+       else
+               return &s->be->obj_type;
+}
+
+static inline struct xprt_ops *peer_xprt(struct peer *p)
+{
+       return p->srv->use_ssl ? xprt_get(XPRT_SSL) : xprt_get(XPRT_RAW);
+}
+#else
+static inline enum obj_type *peer_session_target(struct peer *p, struct stream *s)
+{
+       return &s->be->obj_type;
+}
+
+static inline struct xprt_ops *peer_xprt(struct peer *p)
+{
+       return xprt_get(XPRT_RAW);
+}
+#endif
+
 int peers_init_sync(struct peers *peers);
 void peers_register_table(struct peers *, struct stktable *table);
 void peers_setup_frontend(struct proxy *fe);
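Review bot: `peer_session_target()` and `peer_xprt()` in the USE_OPENSSL branch dereference `p->srv` unconditionally (`if (p->srv->use_ssl)` and `return p->srv->use_ssl ? ...`), whereas the prepare_srv loop added in src/cfgparse.c guards with `p->srv && p->srv->use_ssl` and cfg_parse_peers assigns `srv` only for remote peers. Either the two helpers should use the same guard — `if (p->srv && p->srv->use_ssl)` and `return (p->srv && p->srv->use_ssl) ? xprt_get(XPRT_SSL) : xprt_get(XPRT_RAW);` — or a header comment should state that they may only be called with a peer whose `srv` is set, which the call site in peer_session_create (src/peers.c hunk) presumably relies on. In the non-OpenSSL `peer_xprt()` the parameter `p` is unused; `(void)p;` keeps -Wunused-parameter builds quiet. A one-line comment on the `#else` variants saying that peers are always plain TCP without OpenSSL would also help.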
index 58c8c4ee9895c73eb5a5533f7517aa283ae430d6..5200d56b7a68e789328486ec087e63b84e725f55 100644 (file)
@@ -67,6 +67,7 @@ struct peer {
        struct shared_table *remote_table;
        struct shared_table *last_local_table;
        struct shared_table *tables;
+       struct server *srv;
        __decl_hathreads(HA_SPINLOCK_T lock); /* lock used to handle this peer section */
        struct peer *next;        /* next peer in the list */
 };
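Review bot: The new `srv` member is the only field in this part of `struct peer` without a trailing comment, while `lock` and `next` carry one. Since cfg_parse_peers assigns it only for remote peers and the prepare_srv loop in cfgparse.c tests it for NULL, the comment should say so: `struct server *srv;       /* server backing a remote peer's outgoing connection; may be NULL, check before use */`. The struct's opening is outside the hunk.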
index b8f8fea4846e9bd61e7742ed3e68f9a36bdb4358..a5343ea9fb12305d4c1876e244bdcbf392ae662a 100644 (file)
@@ -513,6 +513,7 @@ static int init_peers_frontend(const char *file, int linenum,
  out:
        if (id && !p->id)
                p->id = strdup(id);
+       free(p->conf.file);
        p->conf.args.file = p->conf.file = strdup(file);
        p->conf.args.line = p->conf.line = linenum;
 
@@ -623,9 +624,10 @@ int cfg_parse_peers(const char *file, int linenum, char **args, int kwm)
                newpeer->sock_init_arg = NULL;
                HA_SPIN_INIT(&newpeer->lock);
 
-               if (strcmp(newpeer->id, localpeer) != 0)
-                       /* We are done. */
+               if (strcmp(newpeer->id, localpeer) != 0) {
+                       newpeer->srv = curpeers->peers_fe->srv;
                        goto out;
+               }
 
                if (cfg_peers->local) {
                        ha_alert("parsing [%s:%d] : '%s %s' : local peer name already referenced at %s:%d.\n",
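Review bot: `newpeer->srv = curpeers->peers_fe->srv;` dereferences `curpeers->peers_fe` without a check and takes the head of the frontend's server list, so the pairing is only correct if the server created for this `peer` line was just inserted at that head and the peers frontend already exists (init_peers_frontend, which creates it, is outside this hunk). If both hold by construction here, a comment should say so: `/* the server for this remote peer was just prepended to peers_fe->srv */`; otherwise guard with `if (curpeers->peers_fe)`. The local peer does not get `srv` assigned on this path, which is consistent with the NULL check in the prepare_srv loop but means the inline helpers in include/proto/peers.h must never be handed a local peer.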
@@ -3633,6 +3635,13 @@ out_uri_auth_compat:
                                curpeers->peers_fe = NULL;
                        }
                        else {
+                               p = curpeers->remote;
+                               while (p) {
+                                       if (p->srv && p->srv->use_ssl &&
+                                           xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv)
+                                               cfgerr += xprt_get(XPRT_SSL)->prepare_srv(p->srv);
+                                       p = p->next;
+                               }
                                if (!peers_init_sync(curpeers)) {
                                        ha_alert("Peers section '%s': out of memory, giving up on peers.\n",
                                                 curpeers->id);
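Review bot: `xprt_get(XPRT_SSL)` is evaluated up to three times per remote peer in the new loop; fetching it once before the loop reads better and keeps the NULL check in one place: `struct xprt_ops *ssl_xprt = xprt_get(XPRT_SSL);` and then `if (p->srv && p->srv->use_ssl && ssl_xprt && ssl_xprt->prepare_srv) cfgerr += ssl_xprt->prepare_srv(p->srv);`. `p` is not declared in the hunk, so it presumably reuses an existing `struct peer *` of the enclosing function, which starts outside the hunk; a `for (p = curpeers->remote; p; p = p->next)` would make the iteration self-contained. A short comment such as `/* build the SSL contexts of the remote peers' servers before sync init */` would also help the next reader.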
index e580f2ca8f475db26ee64d198cbf3355d3d7ef3b..d4d3859e3d65e25935a97b7a59247103cd78a7fb 100644 (file)
@@ -39,6 +39,7 @@
 #include <proto/log.h>
 #include <proto/hdr_idx.h>
 #include <proto/mux_pt.h>
+#include <proto/peers.h>
 #include <proto/proxy.h>
 #include <proto/session.h>
 #include <proto/stream.h>
@@ -1996,10 +1997,10 @@ static struct appctx *peer_session_create(struct peers *peers, struct peer *peer
        if (unlikely((cs = cs_new(conn)) == NULL))
                goto out_free_conn;
 
-       conn->target = s->target = &s->be->obj_type;
+       conn->target = s->target = peer_session_target(peer, s);
        memcpy(&conn->addr.to, &peer->addr, sizeof(conn->addr.to));
 
-       conn_prepare(conn, peer->proto, peer->xprt);
+       conn_prepare(conn, peer->proto, peer_xprt(peer));
        conn_install_mux(conn, &mux_pt_ops, cs, s->be, NULL);
        si_attach_cs(&s->si[1], cs);