MEDIUM: ssl: remove connection from msg callback args

SSL msg callbacks are used for notification about sent/received SSL
messages. Such callbacks are registered via
ssl_sock_register_msg_callback().

Prior to this patch, connection was passed as first argument of these
callbacks. However, most of them do not use it. Worst, this may lead to
confusion as connection can be NULL in QUIC context.

This patch cleans this by removing connection argument. As an
alternative, connection can be retrieved in callbacks if needed using
ssl_sock_get_conn() but the code must be ready to deal with potential
NULL instances. As an example, heartbeat parsing callback has been
adjusted in this manner.

diff --git a/include/haproxy/ssl_sock-t.h b/include/haproxy/ssl_sock-t.h
index af10facee8deffe389cbed2da051c2cd91421d42..8b18e8241d0eef563db7b6f18fd948784092ac9f 100644 (file)
--- a/include/haproxy/ssl_sock-t.h
+++ b/include/haproxy/ssl_sock-t.h
@@ -194,7 +194,7 @@ struct issuer_chain {
 
 struct connection;
 
-typedef void (*ssl_sock_msg_callback_func)(struct connection *conn,
+typedef void (*ssl_sock_msg_callback_func)(
        int write_p, int version, int content_type,
        const void *buf, size_t len, SSL *ssl);
 

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 413f07a5ec3092b200bfe44a25b2eb5271405d0f..ea161a2ba1f766bce9b0da1c61df746a0d8b3817 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -799,16 +799,16 @@ static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
 /* Dedicated callback functions for heartbeat and clienthello.
  */
 #ifdef TLS1_RT_HEARTBEAT
-static void ssl_sock_parse_heartbeat(struct connection *conn, int write_p, int version,
+static void ssl_sock_parse_heartbeat(int write_p, int version,
                                      int content_type, const void *buf, size_t len,
                                      SSL *ssl);
 #endif
-static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int version,
+static void ssl_sock_parse_clienthello(int write_p, int version,
                                        int content_type, const void *buf, size_t len,
                                        SSL *ssl);
 
 #ifdef HAVE_SSL_KEYLOG
-static void ssl_init_keylog(struct connection *conn, int write_p, int version,
+static void ssl_init_keylog(int write_p, int version,
                             int content_type, const void *buf, size_t len,
                             SSL *ssl);
 #endif
@@ -1799,13 +1799,14 @@ int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
 }
 
 #ifdef TLS1_RT_HEARTBEAT
-static void ssl_sock_parse_heartbeat(struct connection *conn, int write_p, int version,
+static void ssl_sock_parse_heartbeat(int write_p, int version,
                                      int content_type, const void *buf, size_t len,
                                      SSL *ssl)
 {
        /* test heartbeat received (write_p is set to 0
           for a received record) */
        if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
+               struct connection *conn = ssl_sock_get_conn(ssl, NULL);
                struct ssl_sock_ctx *ctx = NULL;
                const unsigned char *p = buf;
                unsigned int payload;
@@ -1845,7 +1846,7 @@ static void ssl_sock_parse_heartbeat(struct connection *conn, int write_p, int v
 }
 #endif
 
-static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int version,
+static void ssl_sock_parse_clienthello(int write_p, int version,
                                        int content_type, const void *buf, size_t len,
                                        SSL *ssl)
 {
@@ -2139,7 +2140,7 @@ static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int
 
 
 #ifdef HAVE_SSL_KEYLOG
-static void ssl_init_keylog(struct connection *conn, int write_p, int version,
+static void ssl_init_keylog(int write_p, int version,
                             int content_type, const void *buf, size_t len,
                             SSL *ssl)
 {
@@ -2162,14 +2163,13 @@ static void ssl_init_keylog(struct connection *conn, int write_p, int version,
 /* Callback is called for ssl protocol analyse */
 static __maybe_unused void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
 {
-       struct connection *conn = ssl_sock_get_conn(ssl, NULL);
        struct ssl_sock_msg_callback *cbk;
 
        /* Try to call all callback functions that were registered by using
         * ssl_sock_register_msg_callback().
         */
        list_for_each_entry(cbk, &ssl_sock_msg_callbacks, list) {
-               cbk->func(conn, write_p, version, content_type, buf, len, ssl);
+               cbk->func(write_p, version, content_type, buf, len, ssl);
        }
 }