Browse Source

haproxy: bump to version 1.5.3

- upgrade to 1.5.3
 - [PATCH 1/3] BUG/MINOR: server: move the directive #endif to the end
 - [PATCH 2/3] BUG/MINOR: Fix search for -p argument in systemd wrapper.
 - [PATCH 3/3] BUG/MAJOR: tcp: fix a possible busy spinning loop in

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
lilik-openwrt-22.03
Thomas Heil 10 years ago
parent
commit
08e97960c7
10 changed files with 198 additions and 273 deletions
  1. +3
    -3
      net/haproxy/Makefile
  2. +42
    -0
      net/haproxy/patches/0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
  3. +0
    -29
      net/haproxy/patches/0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
  4. +42
    -0
      net/haproxy/patches/0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
  5. +0
    -29
      net/haproxy/patches/0002-DOC-fix-typo-in-Unix-Socket-commands.patch
  6. +111
    -0
      net/haproxy/patches/0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
  7. +0
    -101
      net/haproxy/patches/0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
  8. +0
    -35
      net/haproxy/patches/0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
  9. +0
    -42
      net/haproxy/patches/0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch
  10. +0
    -34
      net/haproxy/patches/0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch

+ 3
- 3
net/haproxy/Makefile View File

@ -9,11 +9,11 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
PKG_VERSION:=1.5.2
PKG_RELEASE:=06
PKG_VERSION:=1.5.3
PKG_RELEASE:=03
PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
PKG_MD5SUM:=e854fed32ea751d6db7f366cb910225a
PKG_MD5SUM:=e999a547d57445d5a5ab7eb6a06df9a1
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
PKG_LICENSE:=GPL-2.0


+ 42
- 0
net/haproxy/patches/0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch View File

@ -0,0 +1,42 @@
From ad65af7dab9b8d8033fd09d8031cc774a6fbf768 Mon Sep 17 00:00:00 2001
From: Godbach <nylzhaowei@gmail.com>
Date: Mon, 28 Jul 2014 17:31:57 +0800
Subject: [PATCH 1/3] BUG/MINOR: server: move the directive #endif to the end
of file
If a source file includes proto/server.h twice or more, redefinition errors will
be triggered for such inline functions as server_throttle_rate(),
server_is_draining(), srv_adm_set_maint() and so on. Just move #endif directive
to the end of file to solve this issue.
Signed-off-by: Godbach <nylzhaowei@gmail.com>
(cherry picked from commit e468d55998e134dac1b18d5d9d075ffd5691c827)
---
include/proto/server.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/proto/server.h b/include/proto/server.h
index 9893266..71c8b13 100644
--- a/include/proto/server.h
+++ b/include/proto/server.h
@@ -54,8 +54,6 @@ static void inline srv_set_sess_last(struct server *s)
s->counters.last_sess = now.tv_sec;
}
-#endif /* _PROTO_SERVER_H */
-
/*
* Registers the server keyword list <kwl> as a list of valid keywords for next
* parsing sessions.
@@ -200,6 +198,8 @@ static inline void srv_adm_set_ready(struct server *s)
srv_clr_admin_flag(s, SRV_ADMF_FMAINT);
}
+#endif /* _PROTO_SERVER_H */
+
/*
* Local variables:
* c-indent-level: 8
--
1.8.5.5

+ 0
- 29
net/haproxy/patches/0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch View File

@ -1,29 +0,0 @@
From a124eb6d7838eff2c52cc9bf027594c11e87fae9 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Sat, 12 Jul 2014 17:31:07 +0200
Subject: [PATCH 1/2] DOC: mention that Squid correctly responds 400 to PPv2
header
Amos reported that Squid builds 3.5.0.0_20140624 and 3.5.0.0_20140630
were confirmed to respond correctly here and that any version will do
the same.
(cherry picked from commit 9e1382002aa1ba12dcc637870befd077ff887aad)
---
doc/proxy-protocol.txt | 1 +
1 file changed, 1 insertion(+)
diff --git a/doc/proxy-protocol.txt b/doc/proxy-protocol.txt
index a2dbcea..a3925a4 100644
--- a/doc/proxy-protocol.txt
+++ b/doc/proxy-protocol.txt
@@ -692,6 +692,7 @@ presented, even with minimal implementations :
- thttpd 2.20c : 400 Bad Request + abort => pass/optimal
- mini-httpd-1.19 : 400 Bad Request + abort => pass/optimal
- haproxy 1.4.21 : 400 Bad Request + abort => pass/optimal
+ - Squid 3 : 400 Bad Request + abort => pass/optimal
- SSL :
- stud 0.3.47 : connection abort => pass/optimal
- stunnel 4.45 : connection abort => pass/optimal
--
1.8.5.5

+ 42
- 0
net/haproxy/patches/0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch View File

@ -0,0 +1,42 @@
From 715e9b892f564e58489f86c125aed2a8994f16e9 Mon Sep 17 00:00:00 2001
From: Conrad Hoffmann <conrad@soundcloud.com>
Date: Mon, 28 Jul 2014 23:22:43 +0200
Subject: [PATCH 2/3] BUG/MINOR: Fix search for -p argument in systemd wrapper.
Searching for the pid file in the list of arguments did not
take flags without parameters into account, like e.g. -de. Because
of this, the wrapper would use a different pid file than haproxy
if such an argument was specified before -p.
The new version can still yield a false positive for some crazy
situations, like your config file name starting with "-p", but
I think this is as good as it gets without using getopt or some
library.
Signed-off-by: Conrad Hoffmann <conrad@soundcloud.com>
(cherry picked from commit eb2cf45b72a7e14c581276247381dc1ac76be2c0)
---
src/haproxy-systemd-wrapper.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c
index ba07ebe..529b213 100644
--- a/src/haproxy-systemd-wrapper.c
+++ b/src/haproxy-systemd-wrapper.c
@@ -130,11 +130,8 @@ static void sigint_handler(int signum __attribute__((unused)))
static void init(int argc, char **argv)
{
while (argc > 1) {
- if (**argv == '-') {
- char *flag = *argv + 1;
- --argc; ++argv;
- if (*flag == 'p')
- pid_file = *argv;
+ if ((*argv)[0] == '-' && (*argv)[1] == 'p') {
+ pid_file = *(argv + 1);
}
--argc; ++argv;
}
--
1.8.5.5

+ 0
- 29
net/haproxy/patches/0002-DOC-fix-typo-in-Unix-Socket-commands.patch View File

@ -1,29 +0,0 @@
From de9789b37466c37547d8c5d52d96a9d4466eb431 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cyril=20Bont=C3=A9?= <cyril.bonte@free.fr>
Date: Sat, 12 Jul 2014 18:22:42 +0200
Subject: [PATCH 2/2] DOC: fix typo in Unix Socket commands
Konstantin Romanenko reported a typo in the HTML documentation. The typo is
already present in the raw text version : the "shutdown sessions" command
should be "shutdown sessions server".
(cherry picked from commit e63a1eb290a1c407453dbcaa16535c85a1904f9e)
---
doc/configuration.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index ca21f7d..2d71555 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -13869,7 +13869,7 @@ shutdown session <id>
endless transfer is ongoing. Such terminated sessions are reported with a 'K'
flag in the logs.
-shutdown sessions <backend>/<server>
+shutdown sessions server <backend>/<server>
Immediately terminate all the sessions attached to the specified server. This
can be used to terminate long-running sessions after a server is put into
maintenance mode, for instance. Such terminated sessions are reported with a
--
1.8.5.5

+ 111
- 0
net/haproxy/patches/0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch View File

@ -0,0 +1,111 @@
From f94735eb76e634d7531f9c903113f64820c4cec0 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Wed, 30 Jul 2014 08:56:35 +0200
Subject: [PATCH 3/3] BUG/MAJOR: tcp: fix a possible busy spinning loop in
content track-sc*
As a consequence of various recent changes on the sample conversion,
a corner case has emerged where it is possible to wait forever for a
sample in track-sc*.
The issue is caused by the fact that functions relying on sample_process()
don't all exactly work the same regarding the SMP_F_MAY_CHANGE flag and
the output result. Here it was possible to wait forever for an output
sample from stktable_fetch_key() without checking the SMP_OPT_FINAL flag.
As a result, if the client connects and closes without sending the data
and haproxy expects a sample which is capable of coming, it will ignore
this impossible case and will continue to wait.
This change adds control for SMP_OPT_FINAL before waiting for extra data.
The various relevant functions have been better documented regarding their
output values.
This fix must be backported to 1.5 since it appeared there.
(cherry picked from commit 6bcb0a84e7256f00793fa8ec8a0d6c19c3b22935)
---
src/proto_tcp.c | 4 ++--
src/sample.c | 23 ++++++++++++++++++++++-
src/stick_table.c | 11 ++++++++++-
3 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index 9778856..72dc92b 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1048,8 +1048,8 @@ int tcp_inspect_request(struct session *s, struct channel *req, int an_bit)
t = rule->act_prm.trk_ctr.table.t;
key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ | partial, rule->act_prm.trk_ctr.expr, &smp);
- if (smp.flags & SMP_F_MAY_CHANGE)
- goto missing_data;
+ if ((smp.flags & SMP_F_MAY_CHANGE) && !(partial & SMP_OPT_FINAL))
+ goto missing_data; /* key might appear later */
if (key && (ts = stktable_get_entry(t, key))) {
session_track_stkctr(&s->stkctr[tcp_trk_idx(rule->action)], t, ts);
diff --git a/src/sample.c b/src/sample.c
index 3a0f3fb..8e62640 100644
--- a/src/sample.c
+++ b/src/sample.c
@@ -896,6 +896,18 @@ out_error:
* Note: the fetch functions are required to properly set the return type. The
* conversion functions must do so too. However the cast functions do not need
* to since they're made to cast mutiple types according to what is required.
+ *
+ * The caller may indicate in <opt> if it considers the result final or not.
+ * The caller needs to check the SMP_F_MAY_CHANGE flag in p->flags to verify
+ * if the result is stable or not, according to the following table :
+ *
+ * return MAY_CHANGE FINAL Meaning for the sample
+ * NULL 0 * Not present and will never be (eg: header)
+ * NULL 1 0 Not present yet, could change (eg: POST param)
+ * NULL 1 1 Not present yet, will not change anymore
+ * smp 0 * Present and will not change (eg: header)
+ * smp 1 0 Present, may change (eg: request length)
+ * smp 1 1 Present, last known value (eg: request length)
*/
struct sample *sample_process(struct proxy *px, struct session *l4, void *l7,
unsigned int opt,
@@ -1153,7 +1165,16 @@ int smp_resolve_args(struct proxy *p)
* and <opt> does not contain SMP_OPT_FINAL, then the sample is returned as-is
* with its SMP_F_MAY_CHANGE flag so that the caller can check it and decide to
* take actions (eg: wait longer). If a sample could not be found or could not
- * be converted, NULL is returned.
+ * be converted, NULL is returned. The caller MUST NOT use the sample if the
+ * SMP_F_MAY_CHANGE flag is present, as it is used only as a hint that there is
+ * still hope to get it after waiting longer, and is not converted to string.
+ * The possible output combinations are the following :
+ *
+ * return MAY_CHANGE FINAL Meaning for the sample
+ * NULL * * Not present and will never be (eg: header)
+ * smp 0 * Final value converted (eg: header)
+ * smp 1 0 Not present yet, may appear later (eg: header)
+ * smp 1 1 never happens (either flag is cleared on output)
*/
struct sample *sample_fetch_string(struct proxy *px, struct session *l4, void *l7,
unsigned int opt, struct sample_expr *expr)
diff --git a/src/stick_table.c b/src/stick_table.c
index a708d3c..d39b4ff 100644
--- a/src/stick_table.c
+++ b/src/stick_table.c
@@ -603,7 +603,16 @@ static sample_to_key_fct sample_to_key[SMP_TYPES][STKTABLE_TYPES] = {
* no key could be extracted, or a pointer to the converted result stored in
* static_table_key in format <table_type>. If <smp> is not NULL, it will be reset
* and its flags will be initialized so that the caller gets a copy of the input
- * sample, and knows why it was not accepted (eg: SMP_F_MAY_CHANGE is present).
+ * sample, and knows why it was not accepted (eg: SMP_F_MAY_CHANGE is present
+ * without SMP_OPT_FINAL). The output will be usable like this :
+ *
+ * return MAY_CHANGE FINAL Meaning for the sample
+ * NULL 0 * Not present and will never be (eg: header)
+ * NULL 1 0 Not present or unstable, could change (eg: req_len)
+ * NULL 1 1 Not present, will not change anymore
+ * smp 0 * Present and will not change (eg: header)
+ * smp 1 0 not possible
+ * smp 1 1 Present, last known value (eg: request length)
*/
struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px, struct session *l4, void *l7,
unsigned int opt, struct sample_expr *expr, struct sample *smp)
--
1.8.5.5

+ 0
- 101
net/haproxy/patches/0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch View File

@ -1,101 +0,0 @@
From 60d7aeb6e1450995e721d01f48f60b7db4c44e2b Mon Sep 17 00:00:00 2001
From: Remi Gacogne <rgacogne[at]aquaray[dot]fr>
Date: Tue, 15 Jul 2014 11:36:40 +0200
Subject: [PATCH 3/3] BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
OpenSSL does not free the DH * value returned by the callback specified with SSL_CTX_set_tmp_dh_callback(),
leading to a memory leak for SSL/TLS connections using Diffie Hellman Ephemeral key exchange.
This patch fixes the leak by allocating the DH * structs holding the DH parameters once, at configuration time.
Note: this fix must be backported to 1.5.
(cherry picked from commit 8de5415b85512da871d58d1e9a0a33bd67f3b570)
---
src/ssl_sock.c | 43 ++++++++++++++++++++++++++++++++++++-------
1 file changed, 36 insertions(+), 7 deletions(-)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 375225d..cf8adc7 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -105,6 +105,13 @@ enum {
int sslconns = 0;
int totalsslconns = 0;
+#ifndef OPENSSL_NO_DH
+static DH *local_dh_1024 = NULL;
+static DH *local_dh_2048 = NULL;
+static DH *local_dh_4096 = NULL;
+static DH *local_dh_8192 = NULL;
+#endif /* OPENSSL_NO_DH */
+
#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
struct certificate_ocsp {
struct ebmb_node key;
@@ -1034,16 +1041,16 @@ static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
}
if (keylen >= 8192) {
- dh = ssl_get_dh_8192();
+ dh = local_dh_8192;
}
else if (keylen >= 4096) {
- dh = ssl_get_dh_4096();
+ dh = local_dh_4096;
}
else if (keylen >= 2048) {
- dh = ssl_get_dh_2048();
+ dh = local_dh_2048;
}
else {
- dh = ssl_get_dh_1024();
+ dh = local_dh_1024;
}
return dh;
@@ -1079,11 +1086,11 @@ int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
if (global.tune.ssl_default_dh_param <= 1024) {
/* we are limited to DH parameter of 1024 bits anyway */
- dh = ssl_get_dh_1024();
- if (dh == NULL)
+ local_dh_1024 = ssl_get_dh_1024();
+ if (local_dh_1024 == NULL)
goto end;
- SSL_CTX_set_tmp_dh(ctx, dh);
+ SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
}
else {
SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
@@ -1594,6 +1601,28 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
global.tune.ssl_default_dh_param = 1024;
}
+#ifndef OPENSSL_NO_DH
+ if (global.tune.ssl_default_dh_param >= 1024) {
+ if (local_dh_1024 == NULL) {
+ local_dh_1024 = ssl_get_dh_1024();
+ }
+ if (global.tune.ssl_default_dh_param >= 2048) {
+ if (local_dh_2048 == NULL) {
+ local_dh_2048 = ssl_get_dh_2048();
+ }
+ if (global.tune.ssl_default_dh_param >= 4096) {
+ if (local_dh_4096 == NULL) {
+ local_dh_4096 = ssl_get_dh_4096();
+ }
+ if (global.tune.ssl_default_dh_param >= 8192 &&
+ local_dh_8192 == NULL) {
+ local_dh_8192 = ssl_get_dh_8192();
+ }
+ }
+ }
+ }
+#endif /* OPENSSL_NO_DH */
+
SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
--
1.8.5.5

+ 0
- 35
net/haproxy/patches/0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch View File

@ -1,35 +0,0 @@
From 0dff81c6a5876172bc1d4725a7a07fddd9d1f369 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Tue, 15 Jul 2014 21:34:06 +0200
Subject: [PATCH 4/5] BUG/MINOR: http: base32+src should use the big endian
version of base32
We're using the internal memory representation of base32 here, which is
wrong since these data might be exported to headers for logs or be used
to stick to a server and replicated to other peers. Let's convert base32
to big endian (network representation) when building the binary block.
This mistake is also present in 1.5, it would be better to backport it.
(cherry picked from commit 5ad6e1dc09f0a85aabf86f154b1817b9ebffb568)
---
src/proto_http.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/proto_http.c b/src/proto_http.c
index 94afed7..b7ed85d 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -10358,8 +10358,8 @@ smp_fetch_base32_src(struct proxy *px, struct session *l4, void *l7, unsigned in
return 0;
temp = get_trash_chunk();
- memcpy(temp->str + temp->len, &smp->data.uint, sizeof(smp->data.uint));
- temp->len += sizeof(smp->data.uint);
+ *(unsigned int *)temp->str = htonl(smp->data.uint);
+ temp->len += sizeof(unsigned int);
switch (cli_conn->addr.from.ss_family) {
case AF_INET:
--
1.8.5.5

+ 0
- 42
net/haproxy/patches/0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch View File

@ -1,42 +0,0 @@
From 66dbae025876a65c81ae3c4011e3aa3b630b42f7 Mon Sep 17 00:00:00 2001
From: Dave McCowan <11235david@gmail.com>
Date: Thu, 17 Jul 2014 14:34:01 -0400
Subject: [PATCH 5/5] BUG/MEDIUM: connection: fix memory corruption when
building a proxy v2 header
Use temporary trash chunk, instead of global trash chunk in
make_proxy_line_v2() to avoid memory overwrite.
This fix must also be backported to 1.5.
(cherry picked from commit 77d1f0143e210c13ee8ec6aaf6b3150fa4ce6c5b)
---
src/connection.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/connection.c b/src/connection.c
index 20a911b..3435b1a 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -622,6 +622,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
char *value = NULL;
struct tlv_ssl *tlv;
int ssl_tlv_len = 0;
+ struct chunk *cn_trash;
#endif
if (buf_len < PP2_HEADER_LEN)
@@ -682,8 +683,9 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
tlv->verify = htonl(ssl_sock_get_verify_result(remote));
}
if (srv->pp_opts & SRV_PP_V2_SSL_CN) {
- if (ssl_sock_get_remote_common_name(remote, &trash) > 0) {
- tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, trash.len, trash.str);
+ cn_trash = get_trash_chunk();
+ if (ssl_sock_get_remote_common_name(remote, &cn_trash) > 0) {
+ tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, cn_trash->len, cn_trash->str);
ssl_tlv_len += tlv_len;
}
}
--
1.8.5.5

+ 0
- 34
net/haproxy/patches/0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch View File

@ -1,34 +0,0 @@
From 04b80cd29b23d02f373c095569e871275d128b43 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Sat, 19 Jul 2014 06:37:33 +0200
Subject: [PATCH 6/6] BUG/MEDIUM: connection: fix proxy v2 header again!
Last commit 77d1f01 ("BUG/MEDIUM: connection: fix memory corruption
when building a proxy v2 header") was wrong, using &cn_trash instead
of cn_trash resulting in a warning and the client's SSL cert CN not
being stored at the proper location.
Thanks to Lukas Tribus for spotting this quickly.
This should be backported to 1.5 after the patch above is backported.
(cherry picked from commit 3b9a0c9d4d083d749846d66f9bd4caabafe4ee78)
---
src/connection.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/connection.c b/src/connection.c
index 3435b1a..2dd2c02 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -684,7 +684,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
}
if (srv->pp_opts & SRV_PP_V2_SSL_CN) {
cn_trash = get_trash_chunk();
- if (ssl_sock_get_remote_common_name(remote, &cn_trash) > 0) {
+ if (ssl_sock_get_remote_common_name(remote, cn_trash) > 0) {
tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, cn_trash->len, cn_trash->str);
ssl_tlv_len += tlv_len;
}
--
1.8.5.5

Loading…
Cancel
Save