- upgrade to 1.5.3
- [PATCH 1/3] BUG/MINOR: server: move the directive #endif to the end
- [PATCH 2/3] BUG/MINOR: Fix search for -p argument in systemd wrapper.
- [PATCH 3/3] BUG/MAJOR: tcp: fix a possible busy spinning loop in

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
lilik-openwrt-22.03
@ -0,0 +1,42 @@ | |||
From ad65af7dab9b8d8033fd09d8031cc774a6fbf768 Mon Sep 17 00:00:00 2001 | |||
From: Godbach <nylzhaowei@gmail.com> | |||
Date: Mon, 28 Jul 2014 17:31:57 +0800 | |||
Subject: [PATCH 1/3] BUG/MINOR: server: move the directive #endif to the end | |||
of file | |||
If a source file includes proto/server.h twice or more, redefinition errors will | |||
be triggered for such inline functions as server_throttle_rate(), | |||
server_is_draining(), srv_adm_set_maint() and so on. Just move #endif directive | |||
to the end of file to solve this issue. | |||
Signed-off-by: Godbach <nylzhaowei@gmail.com> | |||
(cherry picked from commit e468d55998e134dac1b18d5d9d075ffd5691c827) | |||
--- | |||
include/proto/server.h | 4 ++-- | |||
1 file changed, 2 insertions(+), 2 deletions(-) | |||
diff --git a/include/proto/server.h b/include/proto/server.h | |||
index 9893266..71c8b13 100644 | |||
--- a/include/proto/server.h | |||
+++ b/include/proto/server.h | |||
@@ -54,8 +54,6 @@ static void inline srv_set_sess_last(struct server *s) | |||
s->counters.last_sess = now.tv_sec; | |||
} | |||
-#endif /* _PROTO_SERVER_H */ | |||
- | |||
/* | |||
* Registers the server keyword list <kwl> as a list of valid keywords for next | |||
* parsing sessions. | |||
@@ -200,6 +198,8 @@ static inline void srv_adm_set_ready(struct server *s) | |||
srv_clr_admin_flag(s, SRV_ADMF_FMAINT); | |||
} | |||
+#endif /* _PROTO_SERVER_H */ | |||
+ | |||
/* | |||
* Local variables: | |||
* c-indent-level: 8 | |||
-- | |||
1.8.5.5 | |||
@ -1,29 +0,0 @@ | |||
From a124eb6d7838eff2c52cc9bf027594c11e87fae9 Mon Sep 17 00:00:00 2001 | |||
From: Willy Tarreau <w@1wt.eu> | |||
Date: Sat, 12 Jul 2014 17:31:07 +0200 | |||
Subject: [PATCH 1/2] DOC: mention that Squid correctly responds 400 to PPv2 | |||
header | |||
Amos reported that Squid builds 3.5.0.0_20140624 and 3.5.0.0_20140630 | |||
were confirmed to respond correctly here and that any version will do | |||
the same. | |||
(cherry picked from commit 9e1382002aa1ba12dcc637870befd077ff887aad) | |||
--- | |||
doc/proxy-protocol.txt | 1 + | |||
1 file changed, 1 insertion(+) | |||
diff --git a/doc/proxy-protocol.txt b/doc/proxy-protocol.txt | |||
index a2dbcea..a3925a4 100644 | |||
--- a/doc/proxy-protocol.txt | |||
+++ b/doc/proxy-protocol.txt | |||
@@ -692,6 +692,7 @@ presented, even with minimal implementations : | |||
- thttpd 2.20c : 400 Bad Request + abort => pass/optimal | |||
- mini-httpd-1.19 : 400 Bad Request + abort => pass/optimal | |||
- haproxy 1.4.21 : 400 Bad Request + abort => pass/optimal | |||
+ - Squid 3 : 400 Bad Request + abort => pass/optimal | |||
- SSL : | |||
- stud 0.3.47 : connection abort => pass/optimal | |||
- stunnel 4.45 : connection abort => pass/optimal | |||
-- | |||
1.8.5.5 | |||
@ -0,0 +1,42 @@ | |||
From 715e9b892f564e58489f86c125aed2a8994f16e9 Mon Sep 17 00:00:00 2001 | |||
From: Conrad Hoffmann <conrad@soundcloud.com> | |||
Date: Mon, 28 Jul 2014 23:22:43 +0200 | |||
Subject: [PATCH 2/3] BUG/MINOR: Fix search for -p argument in systemd wrapper. | |||
Searching for the pid file in the list of arguments did not | |||
take flags without parameters into account, like e.g. -de. Because | |||
of this, the wrapper would use a different pid file than haproxy | |||
if such an argument was specified before -p. | |||
The new version can still yield a false positive for some crazy | |||
situations, like your config file name starting with "-p", but | |||
I think this is as good as it gets without using getopt or some | |||
library. | |||
Signed-off-by: Conrad Hoffmann <conrad@soundcloud.com> | |||
(cherry picked from commit eb2cf45b72a7e14c581276247381dc1ac76be2c0) | |||
--- | |||
src/haproxy-systemd-wrapper.c | 7 ++----- | |||
1 file changed, 2 insertions(+), 5 deletions(-) | |||
diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c | |||
index ba07ebe..529b213 100644 | |||
--- a/src/haproxy-systemd-wrapper.c | |||
+++ b/src/haproxy-systemd-wrapper.c | |||
@@ -130,11 +130,8 @@ static void sigint_handler(int signum __attribute__((unused))) | |||
static void init(int argc, char **argv) | |||
{ | |||
while (argc > 1) { | |||
- if (**argv == '-') { | |||
- char *flag = *argv + 1; | |||
- --argc; ++argv; | |||
- if (*flag == 'p') | |||
- pid_file = *argv; | |||
+ if ((*argv)[0] == '-' && (*argv)[1] == 'p') { | |||
+ pid_file = *(argv + 1); | |||
} | |||
--argc; ++argv; | |||
} | |||
-- | |||
1.8.5.5 | |||
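Review bot: The new test in init(), `(*argv)[0] == '-' && (*argv)[1] == 'p'`, is a prefix match, so the value of an earlier option that happens to begin with `-p` is taken for the flag and the word after it becomes `pid_file`. The commit message admits this, but the code itself carries no comment saying so. Because the wrapper and haproxy have to agree on the pid file, I would record the limitation next to the test, e.g. `/* prefix match only: an earlier option's value starting with "-p" is mistaken for the flag */`. The read of `*(argv + 1)` stays inside the array only because the loop runs while `argc > 1`, assuming argc counts the entries argv points at, and that is worth stating in the same comment. The closing brace of init() lies outside the hunk, so how `pid_file` is used afterwards cannot be checked from here.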
@ -1,29 +0,0 @@ | |||
From de9789b37466c37547d8c5d52d96a9d4466eb431 Mon Sep 17 00:00:00 2001 | |||
From: =?UTF-8?q?Cyril=20Bont=C3=A9?= <cyril.bonte@free.fr> | |||
Date: Sat, 12 Jul 2014 18:22:42 +0200 | |||
Subject: [PATCH 2/2] DOC: fix typo in Unix Socket commands | |||
Konstantin Romanenko reported a typo in the HTML documentation. The typo is | |||
already present in the raw text version : the "shutdown sessions" command | |||
should be "shutdown sessions server". | |||
(cherry picked from commit e63a1eb290a1c407453dbcaa16535c85a1904f9e) | |||
--- | |||
doc/configuration.txt | 2 +- | |||
1 file changed, 1 insertion(+), 1 deletion(-) | |||
diff --git a/doc/configuration.txt b/doc/configuration.txt | |||
index ca21f7d..2d71555 100644 | |||
--- a/doc/configuration.txt | |||
+++ b/doc/configuration.txt | |||
@@ -13869,7 +13869,7 @@ shutdown session <id> | |||
endless transfer is ongoing. Such terminated sessions are reported with a 'K' | |||
flag in the logs. | |||
-shutdown sessions <backend>/<server> | |||
+shutdown sessions server <backend>/<server> | |||
Immediately terminate all the sessions attached to the specified server. This | |||
can be used to terminate long-running sessions after a server is put into | |||
maintenance mode, for instance. Such terminated sessions are reported with a | |||
-- | |||
1.8.5.5 | |||
@ -0,0 +1,111 @@ | |||
From f94735eb76e634d7531f9c903113f64820c4cec0 Mon Sep 17 00:00:00 2001 | |||
From: Willy Tarreau <w@1wt.eu> | |||
Date: Wed, 30 Jul 2014 08:56:35 +0200 | |||
Subject: [PATCH 3/3] BUG/MAJOR: tcp: fix a possible busy spinning loop in | |||
content track-sc* | |||
As a consequence of various recent changes on the sample conversion, | |||
a corner case has emerged where it is possible to wait forever for a | |||
sample in track-sc*. | |||
The issue is caused by the fact that functions relying on sample_process() | |||
don't all exactly work the same regarding the SMP_F_MAY_CHANGE flag and | |||
the output result. Here it was possible to wait forever for an output | |||
sample from stktable_fetch_key() without checking the SMP_OPT_FINAL flag. | |||
As a result, if the client connects and closes without sending the data | |||
and haproxy expects a sample which is capable of coming, it will ignore | |||
this impossible case and will continue to wait. | |||
This change adds control for SMP_OPT_FINAL before waiting for extra data. | |||
The various relevant functions have been better documented regarding their | |||
output values. | |||
This fix must be backported to 1.5 since it appeared there. | |||
(cherry picked from commit 6bcb0a84e7256f00793fa8ec8a0d6c19c3b22935) | |||
--- | |||
src/proto_tcp.c | 4 ++-- | |||
src/sample.c | 23 ++++++++++++++++++++++- | |||
src/stick_table.c | 11 ++++++++++- | |||
3 files changed, 34 insertions(+), 4 deletions(-) | |||
diff --git a/src/proto_tcp.c b/src/proto_tcp.c | |||
index 9778856..72dc92b 100644 | |||
--- a/src/proto_tcp.c | |||
+++ b/src/proto_tcp.c | |||
@@ -1048,8 +1048,8 @@ int tcp_inspect_request(struct session *s, struct channel *req, int an_bit) | |||
t = rule->act_prm.trk_ctr.table.t; | |||
key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ | partial, rule->act_prm.trk_ctr.expr, &smp); | |||
- if (smp.flags & SMP_F_MAY_CHANGE) | |||
- goto missing_data; | |||
+ if ((smp.flags & SMP_F_MAY_CHANGE) && !(partial & SMP_OPT_FINAL)) | |||
+ goto missing_data; /* key might appear later */ | |||
if (key && (ts = stktable_get_entry(t, key))) { | |||
session_track_stkctr(&s->stkctr[tcp_trk_idx(rule->action)], t, ts); | |||
diff --git a/src/sample.c b/src/sample.c | |||
index 3a0f3fb..8e62640 100644 | |||
--- a/src/sample.c | |||
+++ b/src/sample.c | |||
@@ -896,6 +896,18 @@ out_error: | |||
* Note: the fetch functions are required to properly set the return type. The | |||
* conversion functions must do so too. However the cast functions do not need | |||
* to since they're made to cast mutiple types according to what is required. | |||
+ * | |||
+ * The caller may indicate in <opt> if it considers the result final or not. | |||
+ * The caller needs to check the SMP_F_MAY_CHANGE flag in p->flags to verify | |||
+ * if the result is stable or not, according to the following table : | |||
+ * | |||
+ * return MAY_CHANGE FINAL Meaning for the sample | |||
+ * NULL 0 * Not present and will never be (eg: header) | |||
+ * NULL 1 0 Not present yet, could change (eg: POST param) | |||
+ * NULL 1 1 Not present yet, will not change anymore | |||
+ * smp 0 * Present and will not change (eg: header) | |||
+ * smp 1 0 Present, may change (eg: request length) | |||
+ * smp 1 1 Present, last known value (eg: request length) | |||
*/ | |||
struct sample *sample_process(struct proxy *px, struct session *l4, void *l7, | |||
unsigned int opt, | |||
@@ -1153,7 +1165,16 @@ int smp_resolve_args(struct proxy *p) | |||
* and <opt> does not contain SMP_OPT_FINAL, then the sample is returned as-is | |||
* with its SMP_F_MAY_CHANGE flag so that the caller can check it and decide to | |||
* take actions (eg: wait longer). If a sample could not be found or could not | |||
- * be converted, NULL is returned. | |||
+ * be converted, NULL is returned. The caller MUST NOT use the sample if the | |||
+ * SMP_F_MAY_CHANGE flag is present, as it is used only as a hint that there is | |||
+ * still hope to get it after waiting longer, and is not converted to string. | |||
+ * The possible output combinations are the following : | |||
+ * | |||
+ * return MAY_CHANGE FINAL Meaning for the sample | |||
+ * NULL * * Not present and will never be (eg: header) | |||
+ * smp 0 * Final value converted (eg: header) | |||
+ * smp 1 0 Not present yet, may appear later (eg: header) | |||
+ * smp 1 1 never happens (either flag is cleared on output) | |||
*/ | |||
struct sample *sample_fetch_string(struct proxy *px, struct session *l4, void *l7, | |||
unsigned int opt, struct sample_expr *expr) | |||
diff --git a/src/stick_table.c b/src/stick_table.c | |||
index a708d3c..d39b4ff 100644 | |||
--- a/src/stick_table.c | |||
+++ b/src/stick_table.c | |||
@@ -603,7 +603,16 @@ static sample_to_key_fct sample_to_key[SMP_TYPES][STKTABLE_TYPES] = { | |||
* no key could be extracted, or a pointer to the converted result stored in | |||
* static_table_key in format <table_type>. If <smp> is not NULL, it will be reset | |||
* and its flags will be initialized so that the caller gets a copy of the input | |||
- * sample, and knows why it was not accepted (eg: SMP_F_MAY_CHANGE is present). | |||
+ * sample, and knows why it was not accepted (eg: SMP_F_MAY_CHANGE is present | |||
+ * without SMP_OPT_FINAL). The output will be usable like this : | |||
+ * | |||
+ * return MAY_CHANGE FINAL Meaning for the sample | |||
+ * NULL 0 * Not present and will never be (eg: header) | |||
+ * NULL 1 0 Not present or unstable, could change (eg: req_len) | |||
+ * NULL 1 1 Not present, will not change anymore | |||
+ * smp 0 * Present and will not change (eg: header) | |||
+ * smp 1 0 not possible | |||
+ * smp 1 1 Present, last known value (eg: request length) | |||
*/ | |||
struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px, struct session *l4, void *l7, | |||
unsigned int opt, struct sample_expr *expr, struct sample *smp) | |||
-- | |||
1.8.5.5 | |||
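Review bot: In tcp_inspect_request() the added `!(partial & SMP_OPT_FINAL)` guard closes the wait-forever case only for this one call to stktable_fetch_key(). Any other caller that still tests `smp.flags & SMP_F_MAY_CHANGE` on its own would keep the behaviour the commit message describes, where a client that connects and closes without sending data leaves the rule waiting. No such caller is visible in these hunks, so this is a request to check the remaining call sites rather than a change to this one. It would also help to say what happens on the fall-through path, for instance `/* with SMP_OPT_FINAL set, key is either the last known value or NULL */` above the `if (key && ...)` line, which matches the table added to stktable_fetch_key(). The function body starts and ends outside the hunk.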
@ -1,101 +0,0 @@ | |||
From 60d7aeb6e1450995e721d01f48f60b7db4c44e2b Mon Sep 17 00:00:00 2001 | |||
From: Remi Gacogne <rgacogne[at]aquaray[dot]fr> | |||
Date: Tue, 15 Jul 2014 11:36:40 +0200 | |||
Subject: [PATCH 3/3] BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange | |||
OpenSSL does not free the DH * value returned by the callback specified with SSL_CTX_set_tmp_dh_callback(), | |||
leading to a memory leak for SSL/TLS connections using Diffie Hellman Ephemeral key exchange. | |||
This patch fixes the leak by allocating the DH * structs holding the DH parameters once, at configuration time. | |||
Note: this fix must be backported to 1.5. | |||
(cherry picked from commit 8de5415b85512da871d58d1e9a0a33bd67f3b570) | |||
--- | |||
src/ssl_sock.c | 43 ++++++++++++++++++++++++++++++++++++------- | |||
1 file changed, 36 insertions(+), 7 deletions(-) | |||
diff --git a/src/ssl_sock.c b/src/ssl_sock.c | |||
index 375225d..cf8adc7 100644 | |||
--- a/src/ssl_sock.c | |||
+++ b/src/ssl_sock.c | |||
@@ -105,6 +105,13 @@ enum { | |||
int sslconns = 0; | |||
int totalsslconns = 0; | |||
+#ifndef OPENSSL_NO_DH | |||
+static DH *local_dh_1024 = NULL; | |||
+static DH *local_dh_2048 = NULL; | |||
+static DH *local_dh_4096 = NULL; | |||
+static DH *local_dh_8192 = NULL; | |||
+#endif /* OPENSSL_NO_DH */ | |||
+ | |||
#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB | |||
struct certificate_ocsp { | |||
struct ebmb_node key; | |||
@@ -1034,16 +1041,16 @@ static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen) | |||
} | |||
if (keylen >= 8192) { | |||
- dh = ssl_get_dh_8192(); | |||
+ dh = local_dh_8192; | |||
} | |||
else if (keylen >= 4096) { | |||
- dh = ssl_get_dh_4096(); | |||
+ dh = local_dh_4096; | |||
} | |||
else if (keylen >= 2048) { | |||
- dh = ssl_get_dh_2048(); | |||
+ dh = local_dh_2048; | |||
} | |||
else { | |||
- dh = ssl_get_dh_1024(); | |||
+ dh = local_dh_1024; | |||
} | |||
return dh; | |||
@@ -1079,11 +1086,11 @@ int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file) | |||
if (global.tune.ssl_default_dh_param <= 1024) { | |||
/* we are limited to DH parameter of 1024 bits anyway */ | |||
- dh = ssl_get_dh_1024(); | |||
- if (dh == NULL) | |||
+ local_dh_1024 = ssl_get_dh_1024(); | |||
+ if (local_dh_1024 == NULL) | |||
goto end; | |||
- SSL_CTX_set_tmp_dh(ctx, dh); | |||
+ SSL_CTX_set_tmp_dh(ctx, local_dh_1024); | |||
} | |||
else { | |||
SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh); | |||
@@ -1594,6 +1601,28 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy | |||
global.tune.ssl_default_dh_param = 1024; | |||
} | |||
+#ifndef OPENSSL_NO_DH | |||
+ if (global.tune.ssl_default_dh_param >= 1024) { | |||
+ if (local_dh_1024 == NULL) { | |||
+ local_dh_1024 = ssl_get_dh_1024(); | |||
+ } | |||
+ if (global.tune.ssl_default_dh_param >= 2048) { | |||
+ if (local_dh_2048 == NULL) { | |||
+ local_dh_2048 = ssl_get_dh_2048(); | |||
+ } | |||
+ if (global.tune.ssl_default_dh_param >= 4096) { | |||
+ if (local_dh_4096 == NULL) { | |||
+ local_dh_4096 = ssl_get_dh_4096(); | |||
+ } | |||
+ if (global.tune.ssl_default_dh_param >= 8192 && | |||
+ local_dh_8192 == NULL) { | |||
+ local_dh_8192 = ssl_get_dh_8192(); | |||
+ } | |||
+ } | |||
+ } | |||
+ } | |||
+#endif /* OPENSSL_NO_DH */ | |||
+ | |||
SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk); | |||
#if OPENSSL_VERSION_NUMBER >= 0x00907000L | |||
SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk); | |||
-- | |||
1.8.5.5 | |||
@ -1,35 +0,0 @@ | |||
From 0dff81c6a5876172bc1d4725a7a07fddd9d1f369 Mon Sep 17 00:00:00 2001 | |||
From: Willy Tarreau <w@1wt.eu> | |||
Date: Tue, 15 Jul 2014 21:34:06 +0200 | |||
Subject: [PATCH 4/5] BUG/MINOR: http: base32+src should use the big endian | |||
version of base32 | |||
We're using the internal memory representation of base32 here, which is | |||
wrong since these data might be exported to headers for logs or be used | |||
to stick to a server and replicated to other peers. Let's convert base32 | |||
to big endian (network representation) when building the binary block. | |||
This mistake is also present in 1.5, it would be better to backport it. | |||
(cherry picked from commit 5ad6e1dc09f0a85aabf86f154b1817b9ebffb568) | |||
--- | |||
src/proto_http.c | 4 ++-- | |||
1 file changed, 2 insertions(+), 2 deletions(-) | |||
diff --git a/src/proto_http.c b/src/proto_http.c | |||
index 94afed7..b7ed85d 100644 | |||
--- a/src/proto_http.c | |||
+++ b/src/proto_http.c | |||
@@ -10358,8 +10358,8 @@ smp_fetch_base32_src(struct proxy *px, struct session *l4, void *l7, unsigned in | |||
return 0; | |||
temp = get_trash_chunk(); | |||
- memcpy(temp->str + temp->len, &smp->data.uint, sizeof(smp->data.uint)); | |||
- temp->len += sizeof(smp->data.uint); | |||
+ *(unsigned int *)temp->str = htonl(smp->data.uint); | |||
+ temp->len += sizeof(unsigned int); | |||
switch (cli_conn->addr.from.ss_family) { | |||
case AF_INET: | |||
-- | |||
1.8.5.5 | |||
@ -1,42 +0,0 @@ | |||
From 66dbae025876a65c81ae3c4011e3aa3b630b42f7 Mon Sep 17 00:00:00 2001 | |||
From: Dave McCowan <11235david@gmail.com> | |||
Date: Thu, 17 Jul 2014 14:34:01 -0400 | |||
Subject: [PATCH 5/5] BUG/MEDIUM: connection: fix memory corruption when | |||
building a proxy v2 header | |||
Use temporary trash chunk, instead of global trash chunk in | |||
make_proxy_line_v2() to avoid memory overwrite. | |||
This fix must also be backported to 1.5. | |||
(cherry picked from commit 77d1f0143e210c13ee8ec6aaf6b3150fa4ce6c5b) | |||
--- | |||
src/connection.c | 6 ++++-- | |||
1 file changed, 4 insertions(+), 2 deletions(-) | |||
diff --git a/src/connection.c b/src/connection.c | |||
index 20a911b..3435b1a 100644 | |||
--- a/src/connection.c | |||
+++ b/src/connection.c | |||
@@ -622,6 +622,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec | |||
char *value = NULL; | |||
struct tlv_ssl *tlv; | |||
int ssl_tlv_len = 0; | |||
+ struct chunk *cn_trash; | |||
#endif | |||
if (buf_len < PP2_HEADER_LEN) | |||
@@ -682,8 +683,9 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec | |||
tlv->verify = htonl(ssl_sock_get_verify_result(remote)); | |||
} | |||
if (srv->pp_opts & SRV_PP_V2_SSL_CN) { | |||
- if (ssl_sock_get_remote_common_name(remote, &trash) > 0) { | |||
- tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, trash.len, trash.str); | |||
+ cn_trash = get_trash_chunk(); | |||
+ if (ssl_sock_get_remote_common_name(remote, &cn_trash) > 0) { | |||
+ tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, cn_trash->len, cn_trash->str); | |||
ssl_tlv_len += tlv_len; | |||
} | |||
} | |||
-- | |||
1.8.5.5 | |||
@ -1,34 +0,0 @@ | |||
From 04b80cd29b23d02f373c095569e871275d128b43 Mon Sep 17 00:00:00 2001 | |||
From: Willy Tarreau <w@1wt.eu> | |||
Date: Sat, 19 Jul 2014 06:37:33 +0200 | |||
Subject: [PATCH 6/6] BUG/MEDIUM: connection: fix proxy v2 header again! | |||
Last commit 77d1f01 ("BUG/MEDIUM: connection: fix memory corruption | |||
when building a proxy v2 header") was wrong, using &cn_trash instead | |||
of cn_trash resulting in a warning and the client's SSL cert CN not | |||
being stored at the proper location. | |||
Thanks to Lukas Tribus for spotting this quickly. | |||
This should be backported to 1.5 after the patch above is backported. | |||
(cherry picked from commit 3b9a0c9d4d083d749846d66f9bd4caabafe4ee78) | |||
--- | |||
src/connection.c | 2 +- | |||
1 file changed, 1 insertion(+), 1 deletion(-) | |||
diff --git a/src/connection.c b/src/connection.c | |||
index 3435b1a..2dd2c02 100644 | |||
--- a/src/connection.c | |||
+++ b/src/connection.c | |||
@@ -684,7 +684,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec | |||
} | |||
if (srv->pp_opts & SRV_PP_V2_SSL_CN) { | |||
cn_trash = get_trash_chunk(); | |||
- if (ssl_sock_get_remote_common_name(remote, &cn_trash) > 0) { | |||
+ if (ssl_sock_get_remote_common_name(remote, cn_trash) > 0) { | |||
tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, cn_trash->len, cn_trash->str); | |||
ssl_tlv_len += tlv_len; | |||
} | |||
-- | |||
1.8.5.5 | |||