MINOR: ssl: convert to binary ssl_fc_unique_id and ssl_bc_unique_id.

Previously ssl_fc_unique_id and ssl_bc_unique_id return a string encoded
in base64 of the RFC 5929 TLS unique identifier. This patch modify those fetches
to return directly the ID in the original binary format. The user can make the
choice to encode in base64 using the converter.

i.e. : ssl_fc_unique_id,base64

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 3d4aee7029d3c0c4577a66a3a7b77d5bd8652769..8207067a2ca5046b8812e00c490d55ae8019cabc 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -10301,10 +10301,10 @@ ssl_bc_protocol : string
   Returns the name of the used protocol when the outgoing connection was made
   over an SSL/TLS transport layer.
 
-ssl_bc_unique_id : string
+ssl_bc_unique_id : binary
   When the outgoing connection was made over an SSL/TLS transport layer,
-  returns a base64 encoded string containing the TLS unique ID as defined
-  in RFC5929 section 3.
+  returns the TLS unique ID as defined in RFC5929 section 3. The unique id
+  can be encoded to base64 using the converter: "ssl_bc_unique_id,base64".
 
 ssl_bc_session_id : binary
   Returns the SSL ID of the back connection when the outgoing connection was
@@ -10513,10 +10513,10 @@ ssl_fc_protocol : string
   Returns the name of the used protocol when the incoming connection was made
   over an SSL/TLS transport layer.
 
-ssl_fc_unique_id : string
+ssl_fc_unique_id : binary
   When the incoming connection was made over an SSL/TLS transport layer,
-  returns a base64 encoded string containing the TLS unique ID as defined
-  in RFC5929 section 3.
+  returns the TLS unique ID as defined in RFC5929 section 3. The unique id
+  can be encoded to base64 using the converter: "ssl_bc_unique_id,base64".
 
 ssl_fc_session_id : binary
   Returns the SSL ID of the front connection when the incoming connection was

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 19ede394520f7ea90423678404868e2b107f8052..229290f864bc0e1e5b933aa4d94466b175a5ec3f 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -45,7 +45,6 @@
 #include <openssl/err.h>
 #include <openssl/rand.h>
 
-#include <common/base64.h>
 #include <common/buffer.h>
 #include <common/compat.h>
 #include <common/config.h>
@@ -2671,9 +2670,7 @@ smp_fetch_ssl_fc_unique_id(struct proxy *px, struct session *l4, void *l7, unsig
        int back_conn = (kw[4] == 'b') ? 1 : 0;
        struct connection *conn;
        int finished_len;
-       int b64_len;
        struct chunk *finished_trash;
-       struct chunk *smp_trash;
 
        smp->flags = 0;
 
@@ -2698,15 +2695,9 @@ smp_fetch_ssl_fc_unique_id(struct proxy *px, struct session *l4, void *l7, unsig
        if (!finished_len)
                return 0;
 
-       smp_trash = get_trash_chunk();
-       b64_len = a2base64(finished_trash->str, finished_len, smp_trash->str, smp_trash->size);
-       if (b64_len < 0)
-               return 0;
-
-       smp->data.str.str = smp_trash->str;
-       smp->type = SMP_T_STR;
-       smp->flags |= SMP_F_CONST;
-       smp->data.str.len = b64_len;
+       finished_trash->len = finished_len;
+       smp->data.str = *finished_trash;
+       smp->type = SMP_T_BIN;
 
        return 1;
 #else
@@ -3411,7 +3402,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
        { "ssl_bc_alg_keysize",     smp_fetch_ssl_fc_alg_keysize, 0,                   NULL,    SMP_T_UINT, SMP_USE_L5SRV },
        { "ssl_bc_cipher",          smp_fetch_ssl_fc_cipher,      0,                   NULL,    SMP_T_STR,  SMP_USE_L5SRV },
        { "ssl_bc_protocol",        smp_fetch_ssl_fc_protocol,    0,                   NULL,    SMP_T_STR,  SMP_USE_L5SRV },
-       { "ssl_bc_unique_id",       smp_fetch_ssl_fc_unique_id,   0,                   NULL,    SMP_T_STR,  SMP_USE_L5SRV },
+       { "ssl_bc_unique_id",       smp_fetch_ssl_fc_unique_id,   0,                   NULL,    SMP_T_BIN,  SMP_USE_L5SRV },
        { "ssl_bc_use_keysize",     smp_fetch_ssl_fc_use_keysize, 0,                   NULL,    SMP_T_UINT, SMP_USE_L5SRV },
        { "ssl_bc_session_id",      smp_fetch_ssl_fc_session_id,  0,                   NULL,    SMP_T_BIN,  SMP_USE_L5SRV },
        { "ssl_c_ca_err",           smp_fetch_ssl_c_ca_err,       0,                   NULL,    SMP_T_UINT, SMP_USE_L5CLI },
@@ -3449,7 +3440,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
        { "ssl_fc_alpn",            smp_fetch_ssl_fc_alpn,        0,                   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
 #endif
        { "ssl_fc_protocol",        smp_fetch_ssl_fc_protocol,    0,                   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
-       { "ssl_fc_unique_id",       smp_fetch_ssl_fc_unique_id,   0,                   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
+       { "ssl_fc_unique_id",       smp_fetch_ssl_fc_unique_id,   0,                   NULL,    SMP_T_BIN,  SMP_USE_L5CLI },
        { "ssl_fc_use_keysize",     smp_fetch_ssl_fc_use_keysize, 0,                   NULL,    SMP_T_UINT, SMP_USE_L5CLI },
        { "ssl_fc_session_id",      smp_fetch_ssl_fc_session_id,  0,                   NULL,    SMP_T_BIN,  SMP_USE_L5CLI },
        { "ssl_fc_sni",             smp_fetch_ssl_fc_sni,         0,                   NULL,    SMP_T_STR,  SMP_USE_L5CLI },