BUG/MINOR: ssl/sample: x509_v_err_str converter output when not found

The x509_v_err_str converter now outputs the numerical value as a string
when the corresponding constant name was not found.

Must be backported as far as 2.7.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 4cbb7a6..9d4aa3c 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -19105,6 +19105,9 @@ x509_v_err_str
   is useful in ACL in order to have a configuration which works with multiple
   version of OpenSSL since some codes might change when changing version.
 
+  When the corresponding constant name was not found, outputs the numerical
+  value as a string.
+
   The list of constant provided by OpenSSL can be found at
   https://www.openssl.org/docs/manmaster/man3/X509_STORE_CTX_get_error.html#ERROR-CODES
   Be careful to read the page for the right version of OpenSSL.
@@ -19121,6 +19124,9 @@ x509_v_err_str
     http-response add-header X-SSL Expired if cert_expired
     http-response add-header X-SSL Revoked if cert_revoked
 
+    http-response add-header X-SSL-verify %[ssl_c_verify,x509_v_err_str]
+
+
 7.3.2. Fetching samples from internal states
 --------------------------------------------
 

diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index 30a6162..5c6ad1c 100644 (file)
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -411,6 +411,17 @@ static int sample_conv_x509_v_err(const struct arg *arg_p, struct sample *smp, v
                smp->flags |= SMP_F_CONST;
 
                return 1;
+       } else {
+               struct buffer *smp_trash = get_trash_chunk();
+
+               /* if the conversion failed, output the numbers as string */
+               chunk_printf(smp_trash, "%llu", smp->data.u.sint);
+
+               smp->data.u.str = *smp_trash;
+               smp->data.type = SMP_T_STR;
+               smp->flags &= ~SMP_F_CONST;
+
+               return 1;
        }
 
        return 0;