From bc...@apache.org
Subject [trafficserver] 01/02: Remove all references to TS_USE_TLS_SNI
Date Fri, 16 Feb 2018 19:52:24 GMT
This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit eceff01d49d6958b67d47189ff3e43b31602e112
Author: David Calavera <david.calavera@gmail.com>
AuthorDate: Fri Feb 16 10:13:47 2018 -0800

    Remove all references to TS_USE_TLS_SNI
---
 build/crypto.m4                                     |  3 +--
 cmd/traffic_layout/info.cc                          |  1 -
 doc/admin-guide/files/records.config.en.rst         |  4 +---
 .../admin-guide/files/records.config.en.po          |  4 +---
 iocore/net/SSLNetVConnection.cc                     | 21 +--------------------
 iocore/net/SSLUtils.cc                              |  5 -----
 lib/ts/ink_config.h.in                              |  1 -
 .../experimental/ssl_cert_loader/ssl-cert-loader.cc | 12 ------------
 tests/README.md                                     |  1 -
 9 files changed, 4 insertions(+), 48 deletions(-)

diff --git a/build/crypto.m4 b/build/crypto.m4
index 3a3b03b..9c85b2c 100644
--- a/build/crypto.m4
+++ b/build/crypto.m4
@@ -119,14 +119,13 @@ AC_DEFUN([TS_CHECK_CRYPTO_SNI], [
     enable_tls_sni=no
   ])
 
-  AC_CHECK_FUNCS(SSL_get_servername, [], [enable_tls_sni=no])
+  AC_CHECK_FUNCS(SSL_get_servername, [], [enable_tls_sni])
 
   LIBS=$_sni_saved_LIBS
 
   AC_MSG_CHECKING(whether to enable ServerNameIndication TLS extension support)
   AC_MSG_RESULT([$enable_tls_sni])
   TS_ARG_ENABLE_VAR([use], [tls-sni])
-  AC_SUBST(use_tls_sni)
 ])
 
 AC_DEFUN([TS_CHECK_CRYPTO_CERT_CB], [
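Review bot: The new not-found action on the `AC_CHECK_FUNCS(SSL_get_servername, ...)` line is the bare word `enable_tls_sni`, which configure would try to run as a shell command rather than treat as an assignment, so a missing `SSL_get_servername` no longer changes the outcome. The C++ hunks in this commit make the SNI calls unconditional, so an OpenSSL without them would only fail later at compile or link time. Failing at configure time is clearer, for example `AC_CHECK_FUNCS(SSL_get_servername, [], [AC_MSG_ERROR([OpenSSL with SNI support (SSL_get_servername) is required])])`. The `AC_MSG_RESULT([$enable_tls_sni])` report and `TS_ARG_ENABLE_VAR([use], [tls-sni])` remain but, as far as this diff shows, nothing consumes their result any more. The start of `TS_CHECK_CRYPTO_SNI` lies outside the hunk.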
diff --git a/cmd/traffic_layout/info.cc b/cmd/traffic_layout/info.cc
index eeca485..94528b1 100644
--- a/cmd/traffic_layout/info.cc
+++ b/cmd/traffic_layout/info.cc
@@ -90,7 +90,6 @@ produce_features(bool json)
   print_feature("TS_USE_HWLOC", TS_USE_HWLOC, json);
   print_feature("TS_USE_TLS_NPN", TS_USE_TLS_NPN, json);
   print_feature("TS_USE_TLS_ALPN", TS_USE_TLS_ALPN, json);
-  print_feature("TS_USE_TLS_SNI", TS_USE_TLS_SNI, json);
   print_feature("TS_USE_CERT_CB", TS_USE_CERT_CB, json);
   print_feature("TS_USE_SET_RBIO", TS_USE_SET_RBIO, json);
   print_feature("TS_USE_TLS_ECKEY", TS_USE_TLS_ECKEY, json);
diff --git a/doc/admin-guide/files/records.config.en.rst b/doc/admin-guide/files/records.config.en.rst
index a430347..119fa4c 100644
--- a/doc/admin-guide/files/records.config.en.rst
+++ b/doc/admin-guide/files/records.config.en.rst
@@ -3349,9 +3349,7 @@ SSL Termination
 
 .. ts:cv:: CONFIG proxy.config.ssl.wire_trace_server_name STRING NULL
 
-   This specifies the server name for which wire_traces should be
-   printed. This only works if traffic_server is built with
-   TS_USE_TLS_SNI flag set to true.
+   This specifies the server name for which wire_traces should be printed.
 
 Client-Related Configuration
 ----------------------------
diff --git a/doc/locale/ja/LC_MESSAGES/admin-guide/files/records.config.en.po b/doc/locale/ja/LC_MESSAGES/admin-guide/files/records.config.en.po
index e929c45..be917bf 100644
--- a/doc/locale/ja/LC_MESSAGES/admin-guide/files/records.config.en.po
+++ b/doc/locale/ja/LC_MESSAGES/admin-guide/files/records.config.en.po
@@ -4830,9 +4830,7 @@ msgstr ""
 
 #: ../../../admin-guide/files/records.config.en.rst:3117
 msgid ""
-"This specifies the server name for which wire_traces should be printed. "
-"This only works if traffic_server is built with TS_USE_TLS_SNI flag set to "
-"true."
+"This specifies the server name for which wire_traces should be printed."
 msgstr ""
 
 #: ../../../admin-guide/files/records.config.en.rst:3122
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 9c2a513..cb96af0 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -956,15 +956,6 @@ SSLNetVConnection::sslStartHandShake(int event, int &err)
       // to negotiate a SSL session, but it's enough to trampoline us into the SNI callback
where we
       // can select the right server certificate.
       this->ssl = make_ssl_connection(lookup->defaultContext(), this);
-
-#if !(TS_USE_TLS_SNI)
-      // set SSL trace
-      if (SSLConfigParams::ssl_wire_trace_enabled) {
-        bool trace = computeSSLTrace();
-        Debug("ssl", "sslnetvc. setting trace to=%s", trace ? "true" : "false");
-        setSSLTrace(trace);
-      }
-#endif
     }
 
     if (this->ssl == nullptr) {
@@ -1017,7 +1008,6 @@ SSLNetVConnection::sslStartHandShake(int event, int &err)
       }
       SSL_set_verify(this->ssl, clientVerify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, verify_callback);
 
-#if TS_USE_TLS_SNI
       if (this->options.sni_servername) {
         if (SSL_set_tlsext_host_name(this->ssl, this->options.sni_servername)) {
           Debug("ssl", "using SNI name '%s' for client handshake", this->options.sni_servername.get());
@@ -1026,7 +1016,6 @@ SSLNetVConnection::sslStartHandShake(int event, int &err)
           SSL_INCREMENT_DYN_STAT(ssl_sni_name_set_failure);
         }
       }
-#endif
     }
 
     return sslClientHandShakeEvent(err);
@@ -1470,16 +1459,12 @@ SSLNetVConnection::reenable(NetHandler *nh)
 bool
 SSLNetVConnection::sslContextSet(void *ctx)
 {
-#if TS_USE_TLS_SNI
   bool zret = true;
   if (ssl) {
     SSL_set_SSL_CTX(ssl, static_cast<SSL_CTX *>(ctx));
   } else {
     zret = false;
   }
-#else
-  bool zret      = false;
-#endif
   return zret;
 }
 
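Review bot: In `sslContextSet` the result of `SSL_set_SSL_CTX(ssl, static_cast<SSL_CTX *>(ctx))` is discarded, so the function returns true whenever `ssl` is non-null, even if OpenSSL did not actually switch the context. With the `#else` stub removed this is now the only path, and callers that pick a certificate by server name would see success regardless. As far as I know `SSL_set_SSL_CTX` returns the context now in use, or NULL on failure, so consider `zret = SSL_set_SSL_CTX(ssl, static_cast<SSL_CTX *>(ctx)) != nullptr;` after confirming the behaviour for the oldest OpenSSL version the project supports. A short comment stating that `ctx` must be a valid `SSL_CTX *` would also help, since the `void *` parameter hides that requirement.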
@@ -1585,8 +1570,7 @@ SSLNetVConnection::callHooks(TSEvent eventId)
 bool
 SSLNetVConnection::computeSSLTrace()
 {
-// this has to happen before the handshake or else sni_servername will be nullptr
-#if TS_USE_TLS_SNI
+  // this has to happen before the handshake or else sni_servername will be nullptr
   bool sni_trace;
   if (ssl) {
     const char *ssl_servername   = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
@@ -1596,9 +1580,6 @@ SSLNetVConnection::computeSSLTrace()
   } else {
     sni_trace = false;
   }
-#else
-  bool sni_trace = false;
-#endif
 
   // count based on ip only if they set an IP value
   const sockaddr *remote_addr = get_remote_addr();
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index ae964eb..12c0532 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -317,7 +317,6 @@ ssl_rm_cached_session(SSL_CTX *ctx, SSL_SESSION *sess)
   session_cache->removeSession(sid);
 }
 
-#if TS_USE_TLS_SNI
 int
 set_context_cert(SSL *ssl)
 {
@@ -330,7 +329,6 @@ set_context_cert(SSL *ssl)
   int retval               = 1;
 
   Debug("ssl", "set_context_cert ssl=%p server=%s handshake_complete=%d", ssl, servername,
netvc->getSSLHandShakeComplete());
-  // set SSL trace (we do this a little later in the USE_TLS_SNI case so we can get the servername
   if (SSLConfigParams::ssl_wire_trace_enabled) {
     bool trace = netvc->computeSSLTrace();
     Debug("ssl", "sslnetvc. setting trace to=%s", trace ? "true" : "false");
@@ -495,7 +493,6 @@ done:
   return retval;
 }
 #endif
-#endif /* TS_USE_TLS_SNI */
 
 #if TS_USE_GET_DH_2048_256 == 0
 /* Build 2048-bit MODP Group with 256-bit Prime Order Subgroup from RFC 5114 */
@@ -1492,7 +1489,6 @@ ssl_callback_info(const SSL *ssl, int where, int ret)
 static void
 ssl_set_handshake_callbacks(SSL_CTX *ctx)
 {
-#if TS_USE_TLS_SNI
 // Make sure the callbacks are set
 #if TS_USE_CERT_CB
   SSL_CTX_set_cert_cb(ctx, ssl_cert_callback, nullptr);
@@ -1500,7 +1496,6 @@ ssl_set_handshake_callbacks(SSL_CTX *ctx)
 #else
   SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_and_cert_callback);
 #endif
-#endif
 }
 
 void
diff --git a/lib/ts/ink_config.h.in b/lib/ts/ink_config.h.in
index 0d104de..037b619 100644
--- a/lib/ts/ink_config.h.in
+++ b/lib/ts/ink_config.h.in
@@ -71,7 +71,6 @@
 #define TS_USE_HWLOC @use_hwloc@
 #define TS_USE_TLS_NPN @use_tls_npn@
 #define TS_USE_TLS_ALPN @use_tls_alpn@
-#define TS_USE_TLS_SNI @use_tls_sni@
 #define TS_USE_CERT_CB @use_cert_cb@
 #define TS_USE_SET_RBIO @use_set_rbio@
 #define TS_USE_GET_DH_2048_256 @use_dh_get_2048_256@
diff --git a/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc b/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc
index 685df7d..c3aacff 100644
--- a/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc
+++ b/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc
@@ -43,8 +43,6 @@ using ts::config::Value;
 #define PN "ssl-cert-loader"
 #define PCP "[" PN " Plugin] "
 
-#if TS_USE_TLS_SNI
-
 namespace
 {
 class CertLookup
@@ -554,13 +552,3 @@ TSPluginInit(int argc, const char *argv[])
 
   return;
 }
-
-#else // ! TS_USE_TLS_SNI
-
-void
-TSPluginInit(int, const char *[])
-{
-  TSError(PCP "requires TLS SNI which is not available");
-}
-
-#endif // TS_USE_TLS_SNI
diff --git a/tests/README.md b/tests/README.md
index 2d5f714..4fc365d 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -295,7 +295,6 @@ ts.Disk.remap_config.AddLine(
  * TS_USE_HWLOC
  * TS_USE_TLS_NPN
  * TS_USE_TLS_ALPN
- * TS_USE_TLS_SNI
  * TS_USE_CERT_CB
  * TS_USE_SET_RBIO
  * TS_USE_TLS_ECKEY

-- 
To stop receiving notification emails like this one, please contact
bcall@apache.org.
