From: Amaury Denoyelle Date: Wed, 28 Jan 2026 09:37:38 +0000 (+0100) Subject: MEDIUM: ssl: remove connection from msg callback args X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fa094d0b619343f61fab877ef65f43b404262dd9;p=thirdparty%2Fhaproxy.git MEDIUM: ssl: remove connection from msg callback args SSL msg callbacks are used for notification about sent/received SSL messages. Such callbacks are registered via ssl_sock_register_msg_callback(). Prior to this patch, connection was passed as first argument of these callbacks. However, most of them do not use it. Worst, this may lead to confusion as connection can be NULL in QUIC context. This patch cleans this by removing connection argument. As an alternative, connection can be retrieved in callbacks if needed using ssl_sock_get_conn() but the code must be ready to deal with potential NULL instances. As an example, heartbeat parsing callback has been adjusted in this manner. --- diff --git a/include/haproxy/ssl_sock-t.h b/include/haproxy/ssl_sock-t.h index af10facee..8b18e8241 100644 --- a/include/haproxy/ssl_sock-t.h +++ b/include/haproxy/ssl_sock-t.h @@ -194,7 +194,7 @@ struct issuer_chain { struct connection; -typedef void (*ssl_sock_msg_callback_func)(struct connection *conn, +typedef void (*ssl_sock_msg_callback_func)( int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl); diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 413f07a5e..ea161a2ba 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c 
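Review bot: The `ssl_sock_msg_callback_func` typedef in include/haproxy/ssl_sock-t.h has no comment, so after this change the rule a callback author must follow exists only in the commit message. I would add above the typedef something like `/* Called for each sent/received SSL message. The connection is not passed: use ssl_sock_get_conn(ssl, NULL) if needed and handle a NULL result (e.g. QUIC). */`. As a style point, the first line now ends on a dangling `(`, and pulling `int write_p, int version, int content_type,` up onto it would read better. Because the parameter count changed, a registration that casts a function to this type would not be caught by the compiler, so it is worth confirming none exists beyond the three callbacks updated in src/ssl_sock.c.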
@@ -799,16 +799,16 @@ static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */ /* Dedicated callback functions for heartbeat and clienthello. */ #ifdef TLS1_RT_HEARTBEAT -static void ssl_sock_parse_heartbeat(struct connection *conn, int write_p, int version, +static void ssl_sock_parse_heartbeat(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl); #endif -static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int version, +static void ssl_sock_parse_clienthello(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl); #ifdef HAVE_SSL_KEYLOG -static void ssl_init_keylog(struct connection *conn, int write_p, int version, +static void ssl_init_keylog(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl); #endif @@ -1799,13 +1799,14 @@ int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store) } #ifdef TLS1_RT_HEARTBEAT -static void ssl_sock_parse_heartbeat(struct connection *conn, int write_p, int version, +static void ssl_sock_parse_heartbeat(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl) { /* test heartbeat received (write_p is set to 0 for a received record) */ if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) { + struct connection *conn = ssl_sock_get_conn(ssl, NULL); struct ssl_sock_ctx *ctx = NULL; const unsigned char *p = buf; unsigned int payload; @@ -1845,7 +1846,7 @@ static void ssl_sock_parse_heartbeat(struct connection *conn, int write_p, int v } #endif -static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int version, +static void ssl_sock_parse_clienthello(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl) { 
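Review bot: In `ssl_sock_parse_heartbeat` (hunk @@ -1799), the new `struct connection *conn = ssl_sock_get_conn(ssl, NULL);` can return NULL, which the commit message says happens in QUIC context. The code that consumes `conn` lies past the end of this hunk, so the NULL handling cannot be confirmed from the lines shown. This branch runs on records received from the peer, so an unchecked dereference would be a peer-triggerable crash. Every later use of `conn`, including whatever assigns `ctx` (initialised to NULL here), should sit behind `if (conn)`. A short comment on the declaration, e.g. `/* may be NULL (e.g. QUIC); check before use */`, would keep that requirement visible to the next editor.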
@@ -2139,7 +2140,7 @@ static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int #ifdef HAVE_SSL_KEYLOG -static void ssl_init_keylog(struct connection *conn, int write_p, int version, +static void ssl_init_keylog(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl) { @@ -2162,14 +2163,13 @@ static void ssl_init_keylog(struct connection *conn, int write_p, int version, /* Callback is called for ssl protocol analyse */ static __maybe_unused void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) { - struct connection *conn = ssl_sock_get_conn(ssl, NULL); struct ssl_sock_msg_callback *cbk; /* Try to call all callback functions that were registered by using * ssl_sock_register_msg_callback(). */ list_for_each_entry(cbk, &ssl_sock_msg_callbacks, list) { - cbk->func(conn, write_p, version, content_type, buf, len, ssl); + cbk->func(write_p, version, content_type, buf, len, ssl); } }