MINOR: ssl: convert to binary ssl_fc_unique_id and ssl_bc_unique_id.

Previously ssl_fc_unique_id and ssl_bc_unique_id return a string encoded in base64 of the RFC 5929 TLS unique identifier. This patch modify those fetches to return directly the ID in the original binary format. The user can make the choice to encode in base64 using the converter. i.e. : ssl_fc_unique_id,base64
2014-04-30 18:49:19 +02:00 · 2014-04-30 18:49:19 +02:00 · b73a9b039c
commit b73a9b039c
parent 53d1a98270
2 changed files with 11 additions and 20 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -10301,10 +10301,10 @@ ssl_bc_protocol : string
  Returns the name of the used protocol when the outgoing connection was made
  over an SSL/TLS transport layer.

-ssl_bc_unique_id : string
+ssl_bc_unique_id : binary
  When the outgoing connection was made over an SSL/TLS transport layer,
-  returns a base64 encoded string containing the TLS unique ID as defined
-  in RFC5929 section 3.
+  returns the TLS unique ID as defined in RFC5929 section 3. The unique id
+  can be encoded to base64 using the converter: "ssl_bc_unique_id,base64".

 ssl_bc_session_id : binary
  Returns the SSL ID of the back connection when the outgoing connection was
@ -10513,10 +10513,10 @@ ssl_fc_protocol : string
  Returns the name of the used protocol when the incoming connection was made
  over an SSL/TLS transport layer.

-ssl_fc_unique_id : string
+ssl_fc_unique_id : binary
  When the incoming connection was made over an SSL/TLS transport layer,
-  returns a base64 encoded string containing the TLS unique ID as defined
-  in RFC5929 section 3.
+  returns the TLS unique ID as defined in RFC5929 section 3. The unique id
+  can be encoded to base64 using the converter: "ssl_bc_unique_id,base64".

 ssl_fc_session_id : binary
  Returns the SSL ID of the front connection when the incoming connection was
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -45,7 +45,6 @@
 #include <openssl/err.h>
 #include <openssl/rand.h>

-#include <common/base64.h>
 #include <common/buffer.h>
 #include <common/compat.h>
 #include <common/config.h>
@ -2671,9 +2670,7 @@ smp_fetch_ssl_fc_unique_id(struct proxy *px, struct session *l4, void *l7, unsig
 	int back_conn = (kw[4] == 'b') ? 1 : 0;
 	struct connection *conn;
 	int finished_len;
-	int b64_len;
 	struct chunk *finished_trash;
-	struct chunk *smp_trash;

 	smp->flags = 0;

@ -2698,15 +2695,9 @@ smp_fetch_ssl_fc_unique_id(struct proxy *px, struct session *l4, void *l7, unsig
 	if (!finished_len)
 		return 0;

-	smp_trash = get_trash_chunk();
-	b64_len = a2base64(finished_trash->str, finished_len, smp_trash->str, smp_trash->size);
-	if (b64_len < 0)
-		return 0;
-
-	smp->data.str.str = smp_trash->str;
-	smp->type = SMP_T_STR;
-	smp->flags |= SMP_F_CONST;
-	smp->data.str.len = b64_len;
+	finished_trash->len = finished_len;
+	smp->data.str = *finished_trash;
+	smp->type = SMP_T_BIN;

 	return 1;
 #else
@ -3411,7 +3402,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
 	{ "ssl_bc_alg_keysize",     smp_fetch_ssl_fc_alg_keysize, 0,                   NULL,    SMP_T_UINT, SMP_USE_L5SRV },
 	{ "ssl_bc_cipher",          smp_fetch_ssl_fc_cipher,      0,                   NULL,    SMP_T_STR,  SMP_USE_L5SRV },
 	{ "ssl_bc_protocol",        smp_fetch_ssl_fc_protocol,    0,                   NULL,    SMP_T_STR,  SMP_USE_L5SRV },
-	{ "ssl_bc_unique_id",       smp_fetch_ssl_fc_unique_id,   0,                   NULL,    SMP_T_STR,  SMP_USE_L5SRV },
+	{ "ssl_bc_unique_id",       smp_fetch_ssl_fc_unique_id,   0,                   NULL,    SMP_T_BIN,  SMP_USE_L5SRV },
 	{ "ssl_bc_use_keysize",     smp_fetch_ssl_fc_use_keysize, 0,                   NULL,    SMP_T_UINT, SMP_USE_L5SRV },
 	{ "ssl_bc_session_id",      smp_fetch_ssl_fc_session_id,  0,                   NULL,    SMP_T_BIN,  SMP_USE_L5SRV },
 	{ "ssl_c_ca_err",           smp_fetch_ssl_c_ca_err,       0,                   NULL,    SMP_T_UINT, SMP_USE_L5CLI },
@ -3449,7 +3440,7 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
 	{ "ssl_fc_alpn",            smp_fetch_ssl_fc_alpn,        0,                   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
 #endif
 	{ "ssl_fc_protocol",        smp_fetch_ssl_fc_protocol,    0,                   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
-	{ "ssl_fc_unique_id",       smp_fetch_ssl_fc_unique_id,   0,                   NULL,    SMP_T_STR,  SMP_USE_L5CLI },
+	{ "ssl_fc_unique_id",       smp_fetch_ssl_fc_unique_id,   0,                   NULL,    SMP_T_BIN,  SMP_USE_L5CLI },
 	{ "ssl_fc_use_keysize",     smp_fetch_ssl_fc_use_keysize, 0,                   NULL,    SMP_T_UINT, SMP_USE_L5CLI },
 	{ "ssl_fc_session_id",      smp_fetch_ssl_fc_session_id,  0,                   NULL,    SMP_T_BIN,  SMP_USE_L5CLI },
 	{ "ssl_fc_sni",             smp_fetch_ssl_fc_sni,         0,                   NULL,    SMP_T_STR,  SMP_USE_L5CLI },