upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-15 00:33:06 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 7
haproxy/src
History
Remi Tricot-Le Breton 9543d5ad5b MINOR: ssl: Store the last SSL error code in case of read or write failure 
In case of error while calling a SSL_read or SSL_write, the
SSL_get_error function is called in order to know more about the error
that happened. If the error code is SSL_ERROR_SSL or SSL_ERROR_SYSCALL,
the error queue might contain more information on the error. This error
code was not used until now. But we now need to store it in order for
backend error fetches to catch all handshake related errors.

The change was required because the previous backend fetch would not
have raised anything if the client's certificate was rejected by the
server (and the connection interrupted). This happens because starting
from TLS1.3, the 'Finished' state on the client is reached before its
certificate is sent to the server (see the "Protocol Overview" part of
RFC 8446). The only place where we can detect that the server rejected the
certificate is after the first SSL_read call after the SSL_do_handshake
function.

This patch then adds an extra ERR_peek_error after the SSL_read and
SSL_write calls in ssl_sock_to_buf and ssl_sock_from_buf. This means
that it could set an error code in the SSL context a long time after the
handshake is over, hence the change in the error fetches.
2021-09-30 11:04:35 +02:00
..
acl.c CLEANUP: acl: Remove unused variable when releasing an acl expression 2021-09-16 08:31:46 +02:00
action.c MEDIUM: global: remove dead code from nbproc/bind_proc removal 2021-06-15 16:52:42 +02:00
activity.c BUILD: activity: use #ifdef not #if on USE_MEMORY_PROFILING 2021-08-28 12:04:25 +02:00
applet.c BUG/MINOR: applet: Notify the other side if data were consumed by an applet 2021-04-28 10:51:08 +02:00
arg.c BUG/MINOR: arg: free all args on make_arg_list()'s error path 2021-07-17 18:36:43 +02:00
auth.c BUILD: auth: include missing list.h 2021-05-08 12:29:51 +02:00
backend.c BUILD: ssl: fix two remaining occurrences of #if USE_OPENSSL 2021-08-30 09:39:24 +02:00
base64.c BUG/MINOR: base64: base64urldec() ignores padding in output size check 2021-08-25 16:14:14 +02:00
cache.c BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header 2021-06-18 15:48:20 +02:00
calltrace.c BUILD: trace: include tools.h 2020-09-25 17:54:48 +02:00
cbuf.c MINOR: quic: Make circular buffer internal buffers be variable-sized. 2021-09-23 15:27:25 +02:00
cfgcond.c MINOR: cfgcond: implements openssl_version_atleast and openssl_version_before 2021-08-22 00:30:24 +02:00
cfgdiag.c CLEANUP: assorted typo fixes in the code and comments 2021-04-26 10:42:58 +02:00
cfgparse-global.c MINOR: config: use a standard parser for the "nbthread" keyword 2021-09-27 09:47:40 +02:00
cfgparse-listen.c MINOR: log: Add new "error-log-format" option 2021-08-31 12:13:08 +02:00
cfgparse-ssl.c MINOR: server: enable more keywords for ssl checks for dynamic servers 2021-09-21 14:00:07 +02:00
cfgparse-tcp.c MINOR: server: prepare parsing for dynamic servers 2021-03-18 15:51:12 +01:00
cfgparse-unix.c MINOR: listener: create a new struct "settings" in bind_conf 2020-09-16 20:13:13 +02:00
cfgparse.c BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB 2021-09-03 16:15:29 +02:00
channel.c CLEANUP: channel: fix comment in ci_putblk. 2021-02-13 09:43:17 +01:00
check.c REORG: server: move slowstart init outside of checks 2021-09-21 14:00:32 +02:00
chunk.c MINOR: pool: move pool declarations to read_mostly 2021-04-10 19:27:41 +02:00
cli.c BUG/MINOR: cli/payload: do not search for args inside payload 2021-09-17 11:50:09 +02:00
compression.c BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo 2021-05-31 10:51:04 +02:00
connection.c BUG/MINOR: connection: prevent null deref on mux cleanup task allocation 2021-09-16 17:45:52 +02:00
cpuset.c BUG/MAJOR: fix build on musl with cpu_set_t support 2021-04-27 14:11:26 +02:00
debug.c CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages 2021-05-07 11:51:26 +02:00
dgram.c REORG: dgram: rename proto_udp to dgram 2020-06-11 10:18:59 +02:00
dict.c CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec 2021-04-07 18:18:37 +02:00
dns.c MINOR: applet: remove the thread mask from appctx_new() 2021-09-17 16:08:34 +02:00
dynbuf.c BUG/MINOR: buffer: fix buffer_dump() formatting 2021-08-12 00:51:45 +02:00
eb32sctree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
eb32tree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
eb64tree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
ebimtree.c CLEANUP: include: tree-wide alphabetical sort of include files 2020-06-11 10:18:59 +02:00
ebistree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
ebmbtree.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
ebpttree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
ebsttree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
ebtree.c BUG/MEDIUM: ebtree: use a byte-per-byte memcmp() to compare memory blocks 2020-06-16 11:30:33 +02:00
errors.c CLEANUP: Apply xalloc_size.cocci 2021-09-17 17:22:05 +02:00
ev_epoll.c MEDIUM: threads: add a stronger thread_isolate_full() call 2021-08-04 14:49:36 +02:00
ev_evports.c MEDIUM: threads: add a stronger thread_isolate_full() call 2021-08-04 14:49:36 +02:00
ev_kqueue.c MEDIUM: threads: add a stronger thread_isolate_full() call 2021-08-04 14:49:36 +02:00
ev_poll.c MEDIUM: threads: add a stronger thread_isolate_full() call 2021-08-04 14:49:36 +02:00
ev_select.c MEDIUM: threads: add a stronger thread_isolate_full() call 2021-08-04 14:49:36 +02:00
extcheck.c CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion 2021-04-21 09:20:17 +02:00
fcgi-app.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
fcgi.c CLEANUP: include: tree-wide alphabetical sort of include files 2020-06-11 10:18:59 +02:00
fd.c BUILD: fd: remove unused variable totlen in fd_write_frag_line() 2021-09-17 12:00:27 +02:00
filters.c BUG/MINOR: filters: Set right FLT_END analyser depending on channel 2021-09-10 10:35:53 +02:00
fix.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
flt_http_comp.c BUG/MEDIUM: compression: Add a flag to know the filter is still processing data 2021-06-10 08:57:55 +02:00
flt_spoe.c CLEANUP: Include check.h in flt_spoe.c 2021-09-20 18:37:32 +02:00
flt_trace.c BUG/MINOR: flt-trace: fix an infinite loop when random-parsing is set 2021-09-20 16:06:58 +02:00
freq_ctr.c BUG/MINOR: freq_ctr: use stricter barriers between updates and readings 2021-08-01 17:34:06 +02:00
frontend.c MINOR: http-ana: Simplify creation/destruction of HTTP transactions 2021-04-01 11:06:48 +02:00
h1.c MINOR: h1: Change T-E header parsing to fail if chunked encoding is found twice 2021-09-28 16:21:25 +02:00
h1_htx.c BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer 2021-09-23 16:13:17 +02:00
h2.c BUG/MEDIUM: h2: match absolute-path not path-absolute for :path 2021-08-19 23:38:18 +02:00
h3.c MINOR: h3/mux: detect fin on last h3 frame of the stream 2021-09-23 15:27:25 +02:00
haproxy.c MINOR: init: extract the setup and end of threads to their own functions 2021-09-28 11:44:31 +02:00
hash.c REORG: include: move base64.h, errors.h and hash.h from common to to haproxy/ 2020-06-11 10:18:56 +02:00
hlua.c MINOR: h1: Change T-E header parsing to fail if chunked encoding is found twice 2021-09-28 16:21:25 +02:00
hlua_fcn.c MINOR: server: mark servers referenced by LUA script as non purgeable 2021-08-25 15:53:54 +02:00
hpack-dec.c CLEANUP: Use isttest(const struct ist) whenever possible 2021-03-03 05:07:10 +01:00
hpack-enc.c CLEANUP: include: tree-wide alphabetical sort of include files 2020-06-11 10:18:59 +02:00
hpack-huff.c CONTRIB: move some dev-specific tools to dev/ 2021-04-02 17:48:42 +02:00
hpack-tbl.c MINOR: pool: move pool declarations to read_mostly 2021-04-10 19:27:41 +02:00
http.c MINOR: http: Add 422-Unprocessable-Content error message 2021-09-28 16:21:25 +02:00
http_acl.c CLEANUP: acl: don't reference the generic pattern deletion function anymore 2020-11-05 19:27:09 +01:00
http_act.c MINOR: http-rules: add a new "ignore-empty" option to redirects. 2021-09-02 17:06:18 +02:00
http_ana.c BUG/MINOR: http-ana: increment internal_errors counter on response error 2021-09-23 16:25:47 +02:00
http_client.c BUG/MEDIUM: httpclient: replace ist0 by istptr 2021-09-26 18:19:55 +02:00
http_conv.c BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time 2021-08-30 06:14:32 +02:00
http_fetch.c MINOR: http: use http uri parser for path 2021-07-08 17:11:17 +02:00
http_htx.c MINOR: http: use http uri parser for path 2021-07-08 17:11:17 +02:00
http_rules.c MINOR: http-rules: add a new "ignore-empty" option to redirects. 2021-09-02 17:06:18 +02:00
htx.c MINOR: htx: Add an HTX flag to know when a message is fragmented 2021-09-23 16:19:36 +02:00
init.c CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion 2021-04-21 09:20:17 +02:00
lb_chash.c MINOR: server: replace the pendconns-related stuff with a struct queue 2021-06-22 18:43:14 +02:00
lb_fas.c MINOR: server: replace the pendconns-related stuff with a struct queue 2021-06-22 18:43:14 +02:00
lb_fwlc.c BUG/MEDIUM: leastconn: fix rare possibility of divide by zero 2021-09-22 07:24:02 +02:00
lb_fwrr.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
lb_map.c MINOR: server: replace the pendconns-related stuff with a struct queue 2021-06-22 18:43:14 +02:00
listener.c MEDIUM: listener: deprecate "process" in favor of "thread" on bind lines 2021-09-21 14:35:42 +02:00
log.c MINOR: ssl: Rename ssl_bc_hsk_err to ssl_bc_err 2021-09-30 11:04:35 +02:00
lru.c CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion 2021-04-21 09:20:17 +02:00
mailers.c MEDIUM: mailers: use "HAProxy" nor "HAproxy" in the subject of messages 2021-05-09 06:45:16 +02:00
map.c MINOR: map/acl: print the count of all the map/acl entries in "show map/acl" 2021-05-25 08:44:45 +02:00
mjson.c MINOR: sample: converter: Add mjson library. 2021-04-15 17:05:38 +02:00
mqtt.c BUG/MINOR: mqtt: Support empty client ID in CONNECT message 2021-06-28 16:29:44 +02:00
mux_fcgi.c BUG/MEDIUM: mux-h1/mux-fcgi: Reject messages with unknown transfer encoding 2021-09-28 16:39:47 +02:00
mux_h1.c BUG/MEDIUM: mux-h1/mux-fcgi: Reject messages with unknown transfer encoding 2021-09-28 16:39:47 +02:00
mux_h2.c MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf 2021-09-23 16:25:47 +02:00
mux_pt.c MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf 2021-09-23 16:25:47 +02:00
mux_quic.c MINOR: quic: fix qcc subs initialization 2021-09-23 15:27:25 +02:00
mworker-prog.c BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs 2021-07-21 10:17:02 +02:00
mworker.c MINOR: proxy: disabled takes a stopping and a disabled state 2021-08-03 14:17:45 +02:00
namespace.c REORG: include: move the error reporting functions to from log.h to errors.h 2020-06-11 10:18:59 +02:00
pattern.c CLEANUP: Add haproxy/xxhash.h to avoid modifying import/xxhash.h 2021-09-11 19:58:45 +02:00
payload.c BUILD: payload: include tools.h in payload.c 2021-05-08 13:55:40 +02:00
peers.c MINOR: applet: remove the thread mask from appctx_new() 2021-09-17 16:08:34 +02:00
pipe.c CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec 2021-04-07 18:18:37 +02:00
pool.c MINOR: pools: use mallinfo2() when available instead of mallinfo() 2021-09-16 09:20:16 +02:00
proto_quic.c MINOR: quic: Make use of the last cbuf API when initializing TX ring buffers 2021-09-23 15:27:25 +02:00
proto_sockpair.c BUILD: sockpair: do not set unused flag 2021-09-17 11:56:25 +02:00
proto_tcp.c MINOR: fd: move .linger_risk into fdtab[].state 2021-04-07 18:07:49 +02:00
proto_udp.c BUILD: udp: include tools.h from proto_udp.c 2021-05-08 13:59:56 +02:00
proto_uxdg.c BUG/MINOR: protocol: add missing support of dgram unix socket. 2021-03-18 18:30:29 +01:00
proto_uxst.c BUILD: proto_uxst: do not set unused flag 2021-09-17 11:59:15 +02:00
protocol.c MEDIUM: proxy: remove the deprecated "grace" keyword 2021-06-11 16:57:34 +02:00
proxy.c MINOR: proxy: add a global "grace" directive to postpone soft-stop 2021-09-07 17:34:29 +02:00
qpack-dec.c MINOR: qpack: generate headers list on decoder 2021-09-23 15:27:25 +02:00
qpack-enc.c MINOR: qpack: encode headers functions 2021-09-23 15:27:25 +02:00
qpack-tbl.c MINOR: qpack: fix wrong comment 2021-09-23 15:27:25 +02:00
queue.c BUG/MAJOR: queue: better protect a pendconn being picked from the proxy 2021-08-31 18:37:13 +02:00
quic_cc.c MINOR: quic: Import C source code files for QUIC protocol. 2020-12-23 11:57:26 +01:00
quic_cc_newreno.c MINOR: quic: Add traces to congestion avoidance NewReno callback. 2020-12-23 11:57:26 +01:00
quic_frame.c MINOR: quic: Constantness fixes for frame builders/parsers. 2021-09-23 15:27:25 +02:00
quic_sock.c MINOR: quic_sock: Do not flag QUIC connections as being set 2021-09-23 15:27:25 +02:00
quic_tls.c MINOR: quic: Make QUIC-TLS support at least two initial salts 2021-09-23 15:27:25 +02:00
raw_sock.c MINOR: fd: move .linger_risk into fdtab[].state 2021-04-07 18:07:49 +02:00
regex.c OPTIM: regex: PCRE2 use JIT match when JIT optimisation occured. 2020-08-14 07:53:40 +02:00
resolvers.c BUG/MINOR: resolvers: mark servers with name-resolution as non purgeable 2021-08-26 15:53:17 +02:00
ring.c CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion 2021-04-21 09:20:17 +02:00
sample.c BUILD: sample: fix format warning on 32-bit archs in sample_conv_be2dec_check() 2021-09-15 10:32:12 +02:00
server.c MINOR: server: enable slowstart for dynamic server 2021-09-21 14:00:32 +02:00
server_state.c CLEANUP: Add haproxy/xxhash.h to avoid modifying import/xxhash.h 2021-09-11 19:58:45 +02:00
session.c MINOR: vars: rename vars_init() to vars_init_head() 2021-09-08 11:10:16 +02:00
sha1.c BUILD: use inttypes.h instead of stdint.h 2019-04-01 07:44:56 +02:00
shctx.c CLEANUP: shctx: remove the different inter-process locking techniques 2021-06-15 16:52:42 +02:00
signal.c CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion 2021-04-21 09:20:17 +02:00
sink.c MINOR: applet: remove the thread mask from appctx_new() 2021-09-17 16:08:34 +02:00
slz.c CLEANUP: slz: Mark reset_refs as static 2021-09-24 15:07:50 +02:00
sock.c BUG/MEDIUM: sock: make sure to never miss early connection failures 2021-07-06 10:52:19 +02:00
sock_inet.c MINOR: fd: move .exported into fdtab[].state 2021-04-07 18:10:36 +02:00
sock_unix.c MINOR: fd: move .exported into fdtab[].state 2021-04-07 18:10:36 +02:00
ssl_ckch.c MINOR: ssl: fix typo in usage for 'new ssl ca-file' 2021-06-18 16:42:25 +02:00
ssl_crtlist.c MEDIUM: ssl: Chain ckch instances in ca-file entries 2021-05-17 10:50:24 +02:00
ssl_sample.c MINOR: ssl: Rename ssl_bc_hsk_err to ssl_bc_err 2021-09-30 11:04:35 +02:00
ssl_sock.c MINOR: ssl: Store the last SSL error code in case of read or write failure 2021-09-30 11:04:35 +02:00
ssl_utils.c MINOR: sample: Expose SSL captures using new fetchers 2021-08-26 19:48:34 +02:00
stats.c CLEANUP: stats: Fix some alignment mistakes 2021-09-24 08:52:45 +02:00
stick_table.c BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions 2021-08-24 15:05:48 +02:00
stream.c CLEANUP: Apply ist.cocci 2021-09-17 17:22:05 +02:00
stream_interface.c MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf 2021-09-23 16:25:47 +02:00
task.c MEDIUM: task: implement tasklet kill 2021-08-06 11:07:48 +02:00
tcp_act.c Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules" 2021-07-06 11:44:04 +02:00
tcp_rules.c BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM 2021-09-23 16:18:07 +02:00
tcp_sample.c MINOR: tcp_samples: Be able to call bc_src/bc_dst from the health-checks 2021-04-19 08:31:05 +02:00
tcpcheck.c BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check 2021-09-16 17:24:50 +02:00
thread.c MINOR: config: use a standard parser for the "nbthread" keyword 2021-09-27 09:47:40 +02:00
time.c BUG/MEDIUM: time: fix updating of global_now upon clock drift 2021-04-28 17:43:55 +02:00
tools.c CLEANUP: Remove unreachable break from parse_time_err() 2021-09-20 18:37:32 +02:00
trace.c CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages 2021-05-07 11:51:26 +02:00
uri_auth.c CLEANUP: Compare the return value of XXXcmp() functions with zero 2021-01-04 10:09:02 +01:00
uri_normalizer.c MINOR: uri_normalizer: Add fragment-encode normalizer 2021-05-11 17:24:32 +02:00
vars.c OPTIM: vars: do not keep variables usage stats if no limit is set 2021-09-08 15:53:07 +02:00
version.c BUILD: Fix build by including haproxy/global.h 2020-06-16 23:36:04 +02:00
wdt.c BUILD: wdt: include signal-t.h 2021-05-08 12:29:01 +02:00
xprt_handshake.c MEDIUM: connections: Implement a start() method for xprt_handshake. 2021-03-19 15:33:04 +01:00
xprt_quic.c MINOR: quic: define close handler 2021-09-23 15:27:25 +02:00