From 335b5adf2c73597dc7c83fdfd94d1ca0ddd5bca3 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Wed, 30 Aug 2023 12:00:29 +0200 Subject: [PATCH] CLEANUP: ssl: keep a pointer to the server in ssl_sock_init() We're using about 6 times "__objt_server(conn->target)" there, it's not quite easy to read, let's keep a pointer to the server. --- src/ssl_sock.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 141d8c9735..f37d9e9314 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -5701,30 +5701,33 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx) /* If it is in client mode initiate SSL session in connect state otherwise accept state */ if (objt_server(conn->target)) { - if (ssl_bio_and_sess_init(conn, __objt_server(conn->target)->ssl_ctx.ctx, + struct server *srv = __objt_server(conn->target); + + if (ssl_bio_and_sess_init(conn, srv->ssl_ctx.ctx, &ctx->ssl, &ctx->bio, ha_meth, ctx) == -1) goto err; SSL_set_connect_state(ctx->ssl); - HA_RWLOCK_RDLOCK(SSL_SERVER_LOCK, &(__objt_server(conn->target)->ssl_ctx.lock)); - if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) { + HA_RWLOCK_RDLOCK(SSL_SERVER_LOCK, &srv->ssl_ctx.lock); + if (srv->ssl_ctx.reused_sess[tid].ptr) { /* let's recreate a session from (ptr,size) and assign * it to ctx->ssl. Its refcount will be updated by the * creation and by the assignment, so after assigning * it or failing to, we must always free it to decrement * the refcount. */ - const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr; - SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size); + const unsigned char *ptr = srv->ssl_ctx.reused_sess[tid].ptr; + SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, srv->ssl_ctx.reused_sess[tid].size); + if (sess && !SSL_set_session(ctx->ssl, sess)) { SSL_SESSION_free(sess); - ha_free(&__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr); + ha_free(&srv->ssl_ctx.reused_sess[tid].ptr); } else if (sess) { /* already assigned, not needed anymore */ SSL_SESSION_free(sess); } } - HA_RWLOCK_RDUNLOCK(SSL_SERVER_LOCK, &(__objt_server(conn->target)->ssl_ctx.lock)); + HA_RWLOCK_RDUNLOCK(SSL_SERVER_LOCK, &srv->ssl_ctx.lock); /* leave init state and start handshake */ conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN; -- 2.47.3