REORG: ssl: move ssl_sock_is_ssl() to connection.h and rename it

This one doesn't use anything from an SSL context, it only checks the
type of the transport layer of a connection, thus it belongs to
connection.h. This is particularly visible due to all the ifdefs
around it in various call places.

diff --git a/include/haproxy/connection.h b/include/haproxy/connection.h
index a39c7179445d606dcf21295a72c61582cf1c7964..bd809e12881ec6dd86ea9fe0fccdb79d8a1c5da2 100644 (file)
--- a/include/haproxy/connection.h
+++ b/include/haproxy/connection.h
@@ -1227,6 +1227,16 @@ static inline XXH64_hash_t conn_hash_digest(char *buf, size_t bufsize,
        return (flags_u64 << CONN_HASH_PAYLOAD_LEN) | CONN_HASH_GET_PAYLOAD(hash);
 }
 
+/* boolean, returns true if connection is over SSL */
+static inline
+int conn_is_ssl(struct connection *conn)
+{
+       if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx)
+               return 0;
+       else
+               return 1;
+}
+
 #endif /* _HAPROXY_CONNECTION_H */
 
 /*

diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
index 5593a935e37168b2c8bc0b49b7ead90b51c91181..f3afe617b595341ae776b5364057879792f9daf2 100644 (file)
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -145,16 +145,6 @@ int ssl_sock_register_msg_callback(ssl_sock_msg_callback_func func);
 
 SSL *ssl_sock_get_ssl_object(struct connection *conn);
 
-/* boolean, returns true if connection is over SSL */
-static inline
-int ssl_sock_is_ssl(struct connection *conn)
-{
-       if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx)
-               return 0;
-       else
-               return 1;
-}
-
 
 #endif /* USE_OPENSSL */
 #endif /* _HAPROXY_SSL_SOCK_H */

diff --git a/src/connection.c b/src/connection.c
index a4a8a8b137380293e8fc96dd833807d545f3932a..eaee3191a75813f0802035e50b6e288d95f58466 100644 (file)
--- a/src/connection.c
+++ b/src/connection.c
@@ -1282,7 +1282,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
                memset(tlv, 0, sizeof(struct tlv_ssl));
                ssl_tlv_len += sizeof(struct tlv_ssl);
                tlv->tlv.type = PP2_TYPE_SSL;
-               if (ssl_sock_is_ssl(remote)) {
+               if (conn_is_ssl(remote)) {
                        tlv->client |= PP2_CLIENT_SSL;
                        value = ssl_sock_get_proto_version(remote);
                        if (value) {

diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c
index 0b29fa00827e456458aca78ffc3587a049e716c9..5ddcd4c3665dca85302f8a7393fdd76c858e4aa6 100644 (file)
--- a/src/mux_fcgi.c
+++ b/src/mux_fcgi.c
@@ -1324,7 +1324,7 @@ static int fcgi_set_default_param(struct fcgi_conn *fconn, struct fcgi_strm *fst
 #ifdef USE_OPENSSL
        if (!(params->mask & FCGI_SP_HTTPS)) {
                if (cli_conn)
-                       params->https = ssl_sock_is_ssl(cli_conn);
+                       params->https = conn_is_ssl(cli_conn);
        }
 #endif
        if ((params->mask & FCGI_SP_URI_MASK) != FCGI_SP_URI_MASK) {

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 8be8c6fdefccdeebf56f3fafc73cfc990b66c183..8f7000d07dd19accfa9a2715914f45b84f88c765 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -585,7 +585,7 @@ static void ssl_sock_unregister_msg_callbacks(void)
 
 SSL *ssl_sock_get_ssl_object(struct connection *conn)
 {
-       if (!ssl_sock_is_ssl(conn))
+       if (!conn_is_ssl(conn))
                return NULL;
 
        return ((struct ssl_sock_ctx *)(conn->xprt_ctx))->ssl;
@@ -6471,7 +6471,7 @@ int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
        struct ssl_sock_ctx *ctx;
        X509 *crt;
 
-       if (!ssl_sock_is_ssl(conn))
+       if (!conn_is_ssl(conn))
                return 0;
 
        ctx = conn->xprt_ctx;
@@ -6491,7 +6491,7 @@ const char *ssl_sock_get_cert_sig(struct connection *conn)
        __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
        X509 *crt;
 
-       if (!ssl_sock_is_ssl(conn))
+       if (!conn_is_ssl(conn))
                return NULL;
        ctx = conn->xprt_ctx;
        crt = SSL_get_certificate(ctx->ssl);
@@ -6507,7 +6507,7 @@ const char *ssl_sock_get_sni(struct connection *conn)
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
        struct ssl_sock_ctx *ctx;
 
-       if (!ssl_sock_is_ssl(conn))
+       if (!conn_is_ssl(conn))
                return NULL;
        ctx = conn->xprt_ctx;
        return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
@@ -6521,7 +6521,7 @@ const char *ssl_sock_get_cipher_name(struct connection *conn)
 {
        struct ssl_sock_ctx *ctx;
 
-       if (!ssl_sock_is_ssl(conn))
+       if (!conn_is_ssl(conn))
                return NULL;
        ctx = conn->xprt_ctx;
        return SSL_get_cipher_name(ctx->ssl);
@@ -6532,7 +6532,7 @@ const char *ssl_sock_get_proto_version(struct connection *conn)
 {
        struct ssl_sock_ctx *ctx;
 
-       if (!ssl_sock_is_ssl(conn))
+       if (!conn_is_ssl(conn))
                return NULL;
        ctx = conn->xprt_ctx;
        return SSL_get_version(ctx->ssl);
@@ -6543,7 +6543,7 @@ void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int l
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
        struct ssl_sock_ctx *ctx;
 
-       if (!ssl_sock_is_ssl(conn))
+       if (!conn_is_ssl(conn))
                return;
        ctx = conn->xprt_ctx;
        SSL_set_alpn_protos(ctx->ssl, alpn, len);
@@ -6560,7 +6560,7 @@ void ssl_sock_set_servername(struct connection *conn, const char *hostname)
 
        char *prev_name;
 
-       if (!ssl_sock_is_ssl(conn))
+       if (!conn_is_ssl(conn))
                return;
        ctx = conn->xprt_ctx;
 
@@ -6597,7 +6597,7 @@ int ssl_sock_get_remote_common_name(struct connection *conn,
        };
        int result = -1;
 
-       if (!ssl_sock_is_ssl(conn))
+       if (!conn_is_ssl(conn))
                goto out;
        ctx = conn->xprt_ctx;
 
@@ -6624,7 +6624,7 @@ int ssl_sock_get_cert_used_sess(struct connection *conn)
        struct ssl_sock_ctx *ctx;
        X509 *crt = NULL;
 
-       if (!ssl_sock_is_ssl(conn))
+       if (!conn_is_ssl(conn))
                return 0;
        ctx = conn->xprt_ctx;
 
@@ -6642,7 +6642,7 @@ int ssl_sock_get_cert_used_conn(struct connection *conn)
 {
        struct ssl_sock_ctx *ctx;
 
-       if (!ssl_sock_is_ssl(conn))
+       if (!conn_is_ssl(conn))
                return 0;
        ctx = conn->xprt_ctx;
        return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
@@ -6653,7 +6653,7 @@ unsigned int ssl_sock_get_verify_result(struct connection *conn)
 {
        struct ssl_sock_ctx *ctx;
 
-       if (!ssl_sock_is_ssl(conn))
+       if (!conn_is_ssl(conn))
                return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
        ctx = conn->xprt_ctx;
        return (unsigned int)SSL_get_verify_result(ctx->ssl);

diff --git a/src/tcpcheck.c b/src/tcpcheck.c
index c34095df7331d23516464651ded7f4e816d9d529..ba8a82aba4bbd2a0e62cd10cdc257cdcf161a244 100644 (file)
--- a/src/tcpcheck.c
+++ b/src/tcpcheck.c
@@ -2290,7 +2290,7 @@ int tcpcheck_main(struct check *check)
                        const char *msg = ((rule->connect.options & TCPCHK_OPT_IMPLICIT) ? NULL : "(tcp-check)");
                        enum healthcheck_status status = HCHK_STATUS_L4OK;
 #ifdef USE_OPENSSL
-                       if (ssl_sock_is_ssl(conn))
+                       if (conn_is_ssl(conn))
                                status = HCHK_STATUS_L6OK;
 #endif
                        set_server_check_status(check, status, msg);