From: Willy Tarreau Date: Wed, 6 Oct 2021 09:38:44 +0000 (+0200) Subject: REORG: ssl: move ssl_sock_is_ssl() to connection.h and rename it X-Git-Tag: v2.5-dev9~78 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1057beecdabb188ae8c47884dca84eef49fa49be;p=thirdparty%2Fhaproxy.git REORG: ssl: move ssl_sock_is_ssl() to connection.h and rename it This one doesn't use anything from an SSL context, it only checks the type of the transport layer of a connection, thus it belongs to connection.h. This is particularly visible due to all the ifdefs around it in various call places.
---
diff --git a/include/haproxy/connection.h b/include/haproxy/connection.h
index a39c717944..bd809e1288 100644
--- a/include/haproxy/connection.h
+++ b/include/haproxy/connection.h
@@ -1227,6 +1227,16 @@ static inline XXH64_hash_t conn_hash_digest(char *buf, size_t bufsize,
 return (flags_u64 << CONN_HASH_PAYLOAD_LEN) | CONN_HASH_GET_PAYLOAD(hash);
 }
+/* boolean, returns true if connection is over SSL */
+static inline
+int conn_is_ssl(struct connection *conn)
+{
+ if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx)
+ return 0;
+ else
+ return 1;
+}
+
 #endif /* _HAPROXY_CONNECTION_H */
 /*
diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
index 5593a935e3..f3afe617b5 100644
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -145,16 +145,6 @@ int ssl_sock_register_msg_callback(ssl_sock_msg_callback_func func);
 SSL *ssl_sock_get_ssl_object(struct connection *conn);
-/* boolean, returns true if connection is over SSL */
-static inline
-int ssl_sock_is_ssl(struct connection *conn)
-{
- if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx)
- return 0;
- else
- return 1;
-}
-
 #endif /* USE_OPENSSL */
 #endif /* _HAPROXY_SSL_SOCK_H */
diff --git a/src/connection.c b/src/connection.c
index a4a8a8b137..eaee3191a7 100644
--- a/src/connection.c
+++ b/src/connection.c
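Review bot: The comment on `conn_is_ssl()` says "over SSL", but the body only tests that `conn->xprt` is the SSL transport and that `conn->xprt_ctx` is set; nothing in it checks that the handshake has finished or that the peer certificate was verified. Callers in this commit use the result to set `PP2_CLIENT_SSL`, the FCGI `https` parameter and `HCHK_STATUS_L6OK`, so the comment should state that limit, for example `/* returns 1 if <conn>'s transport layer is the SSL xprt and it has a context, otherwise 0; does not imply a completed handshake or a verified peer */`. The helper also moved out of the `USE_OPENSSL` section of ssl_sock.h, so in builds without SSL it presumably relies on `xprt_get(XPRT_SSL)` never matching `conn->xprt`; that assumption is worth a word in the same comment.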
@@ -1282,7 +1282,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
 memset(tlv, 0, sizeof(struct tlv_ssl));
 ssl_tlv_len += sizeof(struct tlv_ssl);
 tlv->tlv.type = PP2_TYPE_SSL;
- if (ssl_sock_is_ssl(remote)) {
+ if (conn_is_ssl(remote)) {
 tlv->client |= PP2_CLIENT_SSL;
 value = ssl_sock_get_proto_version(remote);
 if (value) {
diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c
index 0b29fa0082..5ddcd4c366 100644
--- a/src/mux_fcgi.c
+++ b/src/mux_fcgi.c
@@ -1324,7 +1324,7 @@ static int fcgi_set_default_param(struct fcgi_conn *fconn, struct fcgi_strm *fst
 #ifdef USE_OPENSSL
 if (!(params->mask & FCGI_SP_HTTPS)) {
 if (cli_conn)
- params->https = ssl_sock_is_ssl(cli_conn);
+ params->https = conn_is_ssl(cli_conn);
 }
 #endif
 if ((params->mask & FCGI_SP_URI_MASK) != FCGI_SP_URI_MASK) {
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 8be8c6fdef..8f7000d07d 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -585,7 +585,7 @@ static void ssl_sock_unregister_msg_callbacks(void)
 SSL *ssl_sock_get_ssl_object(struct connection *conn)
 {
- if (!ssl_sock_is_ssl(conn))
+ if (!conn_is_ssl(conn))
 return NULL;
 return ((struct ssl_sock_ctx *)(conn->xprt_ctx))->ssl;
@@ -6471,7 +6471,7 @@ int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
 struct ssl_sock_ctx *ctx;
 X509 *crt;
- if (!ssl_sock_is_ssl(conn))
+ if (!conn_is_ssl(conn))
 return 0;
 ctx = conn->xprt_ctx;
@@ -6491,7 +6491,7 @@ const char *ssl_sock_get_cert_sig(struct connection *conn)
 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
 X509 *crt;
- if (!ssl_sock_is_ssl(conn))
+ if (!conn_is_ssl(conn))
 return NULL;
 ctx = conn->xprt_ctx;
 crt = SSL_get_certificate(ctx->ssl);
@@ -6507,7 +6507,7 @@ const char *ssl_sock_get_sni(struct connection *conn)
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 struct ssl_sock_ctx *ctx;
- if (!ssl_sock_is_ssl(conn))
+ if (!conn_is_ssl(conn))
 return NULL;
 ctx = conn->xprt_ctx;
 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
@@ -6521,7 +6521,7 @@ const char *ssl_sock_get_cipher_name(struct connection *conn)
 {
 struct ssl_sock_ctx *ctx;
- if (!ssl_sock_is_ssl(conn))
+ if (!conn_is_ssl(conn))
 return NULL;
 ctx = conn->xprt_ctx;
 return SSL_get_cipher_name(ctx->ssl);
@@ -6532,7 +6532,7 @@ const char *ssl_sock_get_proto_version(struct connection *conn)
 {
 struct ssl_sock_ctx *ctx;
- if (!ssl_sock_is_ssl(conn))
+ if (!conn_is_ssl(conn))
 return NULL;
 ctx = conn->xprt_ctx;
 return SSL_get_version(ctx->ssl);
@@ -6543,7 +6543,7 @@ void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int l
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
 struct ssl_sock_ctx *ctx;
- if (!ssl_sock_is_ssl(conn))
+ if (!conn_is_ssl(conn))
 return;
 ctx = conn->xprt_ctx;
 SSL_set_alpn_protos(ctx->ssl, alpn, len);
@@ -6560,7 +6560,7 @@ void ssl_sock_set_servername(struct connection *conn, const char *hostname)
 char *prev_name;
- if (!ssl_sock_is_ssl(conn))
+ if (!conn_is_ssl(conn))
 return;
 ctx = conn->xprt_ctx;
@@ -6597,7 +6597,7 @@ int ssl_sock_get_remote_common_name(struct connection *conn,
 };
 int result = -1;
- if (!ssl_sock_is_ssl(conn))
+ if (!conn_is_ssl(conn))
 goto out;
 ctx = conn->xprt_ctx;
@@ -6624,7 +6624,7 @@ int ssl_sock_get_cert_used_sess(struct connection *conn)
 struct ssl_sock_ctx *ctx;
 X509 *crt = NULL;
- if (!ssl_sock_is_ssl(conn))
+ if (!conn_is_ssl(conn))
 return 0;
 ctx = conn->xprt_ctx;
@@ -6642,7 +6642,7 @@ int ssl_sock_get_cert_used_conn(struct connection *conn)
 {
 struct ssl_sock_ctx *ctx;
- if (!ssl_sock_is_ssl(conn))
+ if (!conn_is_ssl(conn))
 return 0;
 ctx = conn->xprt_ctx;
 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
@@ -6653,7 +6653,7 @@ unsigned int ssl_sock_get_verify_result(struct connection *conn)
 {
 struct ssl_sock_ctx *ctx;
- if (!ssl_sock_is_ssl(conn))
+ if (!conn_is_ssl(conn))
 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
 ctx = conn->xprt_ctx;
 return (unsigned int)SSL_get_verify_result(ctx->ssl);
diff --git a/src/tcpcheck.c b/src/tcpcheck.c
index c34095df73..ba8a82aba4 100644
--- a/src/tcpcheck.c
+++ b/src/tcpcheck.c
@@ -2290,7 +2290,7 @@ int tcpcheck_main(struct check *check)
 const char *msg = ((rule->connect.options & TCPCHK_OPT_IMPLICIT) ? NULL : "(tcp-check)");
 enum healthcheck_status status = HCHK_STATUS_L4OK;
 #ifdef USE_OPENSSL
- if (ssl_sock_is_ssl(conn))
+ if (conn_is_ssl(conn))
 status = HCHK_STATUS_L6OK;
 #endif
 set_server_check_status(check, status, msg);