MEDIUM: ssl: remove connection from msg callback args

SSL msg callbacks are used for notification about sent/received SSL
messages. Such callbacks are registered via
ssl_sock_register_msg_callback().

Prior to this patch, the connection was passed as the first argument of
these callbacks. However, most of them do not use it. Worse, this may lead
to confusion, as the connection can be NULL in a QUIC context.

This patch cleans this by removing connection argument. As an
alternative, connection can be retrieved in callbacks if needed using
ssl_sock_get_conn() but the code must be ready to deal with potential
NULL instances. As an example, heartbeat parsing callback has been
adjusted in this manner.
Amaury Denoyelle 2026-01-28 10:37:38 +01:00
parent 869a997a68
commit fa094d0b61
2 changed files with 9 additions and 9 deletions


@ -194,7 +194,7 @@ struct issuer_chain {
struct connection;
typedef void (*ssl_sock_msg_callback_func)(struct connection *conn,
typedef void (*ssl_sock_msg_callback_func)(
int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl);
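Review bot: The `ssl_sock_msg_callback_func` typedef carries no comment describing the new contract, so a callback author has nothing at the declaration saying how to reach the connection now that it is no longer passed in. I would add a comment above the typedef along the lines of `/* Callbacks receive no connection; use ssl_sock_get_conn(ssl, NULL) if one is needed and handle a NULL result (QUIC). */`. The forward declaration `struct connection;` just before it may no longer be required by this typedef; whether anything else in the header still depends on it is not visible in this hunk.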


@ -799,16 +799,16 @@ static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
/* Dedicated callback functions for heartbeat and clienthello.
*/
#ifdef TLS1_RT_HEARTBEAT
static void ssl_sock_parse_heartbeat(struct connection *conn, int write_p, int version,
static void ssl_sock_parse_heartbeat(int write_p, int version,
int content_type, const void *buf, size_t len,
SSL *ssl);
#endif
static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int version,
static void ssl_sock_parse_clienthello(int write_p, int version,
int content_type, const void *buf, size_t len,
SSL *ssl);
#ifdef HAVE_SSL_KEYLOG
static void ssl_init_keylog(struct connection *conn, int write_p, int version,
static void ssl_init_keylog(int write_p, int version,
int content_type, const void *buf, size_t len,
SSL *ssl);
#endif
@ -1799,13 +1799,14 @@ int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
}
#ifdef TLS1_RT_HEARTBEAT
static void ssl_sock_parse_heartbeat(struct connection *conn, int write_p, int version,
static void ssl_sock_parse_heartbeat(int write_p, int version,
int content_type, const void *buf, size_t len,
SSL *ssl)
{
/* test heartbeat received (write_p is set to 0
for a received record) */
if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
struct connection *conn = ssl_sock_get_conn(ssl, NULL);
struct ssl_sock_ctx *ctx = NULL;
const unsigned char *p = buf;
unsigned int payload;
@ -1845,7 +1846,7 @@ static void ssl_sock_parse_heartbeat(struct connection *conn, int write_p, int v
}
#endif
static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int version,
static void ssl_sock_parse_clienthello(int write_p, int version,
int content_type, const void *buf, size_t len,
SSL *ssl)
{
@ -2139,7 +2140,7 @@ static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int
#ifdef HAVE_SSL_KEYLOG
static void ssl_init_keylog(struct connection *conn, int write_p, int version,
static void ssl_init_keylog(int write_p, int version,
int content_type, const void *buf, size_t len,
SSL *ssl)
{
@ -2162,14 +2163,13 @@ static void ssl_init_keylog(struct connection *conn, int write_p, int version,
/* Callback is called for ssl protocol analyse */
static __maybe_unused void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
{
struct connection *conn = ssl_sock_get_conn(ssl, NULL);
struct ssl_sock_msg_callback *cbk;
/* Try to call all callback functions that were registered by using
* ssl_sock_register_msg_callback().
*/
list_for_each_entry(cbk, &ssl_sock_msg_callbacks, list) {
cbk->func(conn, write_p, version, content_type, buf, len, ssl);
cbk->func(write_p, version, content_type, buf, len, ssl);
}
}
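Review bot: In `ssl_sock_parse_heartbeat`, the added `struct connection *conn = ssl_sock_get_conn(ssl, NULL);` can yield NULL according to the commit description, and the hunk ends before any use of `conn` or `ctx`, so the NULL handling cannot be confirmed from the visible lines. If the remainder of the body does not already guard it, the lookup should be followed by a check such as `if (!conn) return;` before the first dereference, so that a received heartbeat record with no attached connection cannot fault in the record-parsing path. A short comment on that line, e.g. `/* may be NULL in QUIC context */`, would keep the constraint visible to the next editor. The function body continues outside the hunk.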