From 8c866a38581152c25c8a6024da5645821aebdb46 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Fri, 19 Oct 2012 14:34:30 +0200 Subject: [PATCH] BUG: ssl: fix ssl_sni ACLs to correctly process regular expressions ssl_sni_reg was using acl_parse_str which is wrong since we're parsing a regex. Additionally, neither _end nor _reg may be looked up. --- src/ssl_sock.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 53f6d83..f5e68b1 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -1774,8 +1774,8 @@ static struct acl_kw_list acl_kws = {{ },{ { "ssl_npn", acl_parse_str, smp_fetch_ssl_npn, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, #endif { "ssl_sni", acl_parse_str, smp_fetch_ssl_sni, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_sni_end", acl_parse_str, smp_fetch_ssl_sni, acl_match_end, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_sni_reg", acl_parse_str, smp_fetch_ssl_sni, acl_match_reg, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, + { "ssl_sni_end", acl_parse_str, smp_fetch_ssl_sni, acl_match_end, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_sni_reg", acl_parse_reg, smp_fetch_ssl_sni, acl_match_reg, ACL_USE_L6REQ_PERMANENT, 0 }, { "ssl_verify_caerr", acl_parse_int, smp_fetch_verify_caerr, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, { "ssl_verify_caerr_depth", acl_parse_int, smp_fetch_verify_caerr_depth, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, { "ssl_verify_crterr", acl_parse_int, smp_fetch_verify_crterr, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, -- 1.7.10.4