lb/HttpConnection: add methods GetPeerSubject(), GetPeerIssuerSubject()
MaxKellermann committed Oct 29, 2024
1 parent f26f5e2 commit 27e263e
Showing 4 changed files with 27 additions and 18 deletions.
11 changes: 2 additions & 9 deletions src/lb/ForwardHttpRequest.cxx
Expand Up @@ -12,7 +12,6 @@
#include "Cookie.hxx"
#include "JvmRoute.hxx"
#include "Headers.hxx"
#include "ssl/Filter.hxx"
#include "cluster/AddressSticky.hxx"
#include "address_string.hxx"
#include "http/IncomingRequest.hxx"
Expand Down Expand Up @@ -359,19 +358,13 @@ LbRequest::OnFilteredSocketReady(Lease &lease,

SetForwardedTo();

const char *peer_subject = connection.ssl_filter != nullptr
? ssl_filter_get_peer_subject(*connection.ssl_filter)
: nullptr;
const char *peer_issuer_subject = connection.ssl_filter != nullptr
? ssl_filter_get_peer_issuer_subject(*connection.ssl_filter)
: nullptr;

auto &headers = request.headers;
lb_forward_request_headers(pool, headers,
request.local_host_and_port,
request.remote_host,
connection.IsEncrypted(),
peer_subject, peer_issuer_subject,
connection.GetPeerSubject(),
connection.GetPeerIssuerSubject(),
cluster_config.mangle_via);

if (!cluster_config.http_host.empty())
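Review bot: The call to `lb_forward_request_headers()` now receives `connection.GetPeerSubject()` and `connection.GetPeerIssuerSubject()` directly, and both return `nullptr` on a connection without an SSL filter; what the callee does with `nullptr` is not visible in this hunk. If backends rely on the forwarded subject as the authenticated client identity (likely, but not shown here), it is worth confirming that a `nullptr` argument drops any peer-subject header the client supplied rather than leaving it in place, and stating that at the call site, e.g. `// nullptr: no TLS peer identity; any client-supplied value must be dropped by lb_forward_request_headers()`. The same applies to the identical call in src/lb/ResolveConnect.cxx. `OnFilteredSocketReady` starts and ends outside the hunk.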
17 changes: 17 additions & 0 deletions src/lb/HttpConnection.cxx
Expand Up @@ -21,6 +21,7 @@
#include "pool/pool.hxx"
#include "fs/FilteredSocket.hxx"
#include "ssl/AlpnCompare.hxx"
#include "ssl/Filter.hxx"
#include "uri/Verify.hxx"
#include "lib/fmt/SocketAddressFormatter.hxx"
#include "net/SocketProtocolError.hxx"
Expand Down Expand Up @@ -175,6 +176,22 @@ LbHttpConnection::LogSendError(IncomingHttpRequest &request,
SendError(request, ep);
}

const char *
LbHttpConnection::GetPeerSubject() const noexcept
{
return ssl_filter != nullptr
? ssl_filter_get_peer_subject(*ssl_filter)
: nullptr;
}

const char *
LbHttpConnection::GetPeerIssuerSubject() const noexcept
{
return ssl_filter != nullptr
? ssl_filter_get_peer_issuer_subject(*ssl_filter)
: nullptr;
}

void
LbHttpConnection::RecordAbuse(double size) noexcept
{
6 changes: 6 additions & 0 deletions src/lb/HttpConnection.hxx
Expand Up @@ -71,6 +71,12 @@ struct LbHttpConnection final
return ssl_filter != nullptr;
}

[[gnu::pure]]
const char *GetPeerSubject() const noexcept;

[[gnu::pure]]
const char *GetPeerIssuerSubject() const noexcept;

bool IsHTTP2() const noexcept {
#ifdef HAVE_NGHTTP2
return http2;
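Review bot: The two new declarations `GetPeerSubject()` and `GetPeerIssuerSubject()` have no doc comment, so the meaning of a `nullptr` result and the lifetime of the returned string are left to the reader. From the definitions in HttpConnection.cxx, `nullptr` is returned when `ssl_filter` is null; whether `ssl_filter_get_peer_subject()` can itself return `nullptr` (for example when no client certificate was presented) is not visible and should be stated. I would add something like `/** Subject of the TLS peer certificate, or nullptr if the connection has no SSL filter; the string is presumably owned by the SSL filter and must not outlive the connection. */` above each declaration. The enclosing `struct LbHttpConnection` starts and ends outside the hunk.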
11 changes: 2 additions & 9 deletions src/lb/ResolveConnect.cxx
Expand Up @@ -13,7 +13,6 @@
#include "http/Client.hxx"
#include "http/Headers.hxx"
#include "http/Method.hxx"
#include "ssl/Filter.hxx"
#include "istream/UnusedHoldPtr.hxx"
#include "fs/Stock.hxx"
#include "stock/GetHandler.hxx"
Expand Down Expand Up @@ -126,19 +125,13 @@ LbResolveConnectRequest::OnStockItemReady(StockItem &item) noexcept
stock_item = &item;
lease_state = LeaseState::BUSY;

const char *peer_subject = connection.ssl_filter != nullptr
? ssl_filter_get_peer_subject(*connection.ssl_filter)
: nullptr;
const char *peer_issuer_subject = connection.ssl_filter != nullptr
? ssl_filter_get_peer_issuer_subject(*connection.ssl_filter)
: nullptr;

auto &headers = request.headers;
lb_forward_request_headers(pool, headers,
request.local_host_and_port,
request.remote_host,
connection.IsEncrypted(),
peer_subject, peer_issuer_subject,
connection.GetPeerSubject(),
connection.GetPeerIssuerSubject(),
false);

http_client_request(pool, nullptr,
