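--- a/doc/admin-guide/files/records.config.en.rst
+++ b/doc/admin-guide/files/records.config.en.rst
@@ -3450,25 +3450,6 @@ SSL Termination
 
 See :ref:`admin-performance-timeouts` for more discussion on |TS| timeouts.
 
-.. ts:cv:: CONFIG proxy.config.ssl.wire_trace_enabled INT 0
-
-When enabled this turns on wire tracing of SSL connections that meet
-the conditions specified by wire_trace_percentage, wire_trace_addr
-and wire_trace_server_name.
-
-.. ts:cv:: CONFIG proxy.config.ssl.wire_trace_percentage INT 0
-
-This specifies the percentage of traffic meeting the other wire_trace
-conditions to be traced.
-
-.. ts:cv:: CONFIG proxy.config.ssl.wire_trace_addr STRING NULL
-
-This specifies the client IP for which wire_traces should be printed.
-
-.. ts:cv:: CONFIG proxy.config.ssl.wire_trace_server_name STRING NULL
-
-This specifies the server name for which wire_traces should be printed.
-
 Client-Related Configuration
 ----------------------------
 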
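--- a/iocore/net/P_SSLConfig.h
+++ b/iocore/net/P_SSLConfig.h
@@ -107,13 +107,6 @@ struct SSLConfigParams : public ConfigInfo {
 static size_t session_cache_max_bucket_size;
 static bool session_cache_skip_on_lock_contention;
 
-// TS-3435 Wiretracing for SSL Connections
-static int ssl_wire_trace_enabled;
-static char *ssl_wire_trace_addr;
-static IpAddr *ssl_wire_trace_ip;
-static int ssl_wire_trace_percentage;
-static char *ssl_wire_trace_server_name;
-
 static init_ssl_ctx_func init_ssl_ctx_cb;
 static load_ssl_file_func load_ssl_file_cb;
 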
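--- a/iocore/net/P_SSLNetVConnection.h
+++ b/iocore/net/P_SSLNetVConnection.h
@@ -286,19 +286,6 @@ class SSLNetVConnection : public UnixNetVConnection
 }
 return retval;
 }
-bool
-getSSLTrace() const
-{
-return sslTrace || super::origin_trace;
-}
-
-void
-setSSLTrace(bool state)
-{
-sslTrace = state;
-}
-
-bool computeSSLTrace();
 
 const char *
 getSSLProtocol(void) const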
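--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -58,14 +58,8 @@ size_t SSLConfigParams::session_cache_max_bucket_size = 100;
 init_ssl_ctx_func SSLConfigParams::init_ssl_ctx_cb = nullptr;
 load_ssl_file_func SSLConfigParams::load_ssl_file_cb = nullptr;
 
-// TS-3534 Wiretracing for SSL Connections
-int SSLConfigParams::ssl_wire_trace_enabled = 0;
-char *SSLConfigParams::ssl_wire_trace_addr = nullptr;
-IpAddr *SSLConfigParams::ssl_wire_trace_ip = nullptr;
-int SSLConfigParams::ssl_wire_trace_percentage = 0;
-char *SSLConfigParams::ssl_wire_trace_server_name = nullptr;
-int SSLConfigParams::async_handshake_enabled = 0;
-char *SSLConfigParams::engine_conf_file = nullptr;
+int SSLConfigParams::async_handshake_enabled = 0;
+char *SSLConfigParams::engine_conf_file = nullptr;
 
 static std::unique_ptr<ConfigUpdateHandler<SSLCertificateConfig>> sslCertUpdate;
 static std::unique_ptr<ConfigUpdateHandler<SSLConfig>> sslConfigUpdate;
@@ -131,7 +125,6 @@ SSLConfigParams::cleanup()
 cipherSuite = (char *)ats_free_null(cipherSuite);
 client_cipherSuite = (char *)ats_free_null(client_cipherSuite);
 dhparamsFile = (char *)ats_free_null(dhparamsFile);
-ssl_wire_trace_ip = (IpAddr *)ats_free_null(ssl_wire_trace_ip);
 
 server_tls13_cipher_suites = (char *)ats_free_null(server_tls13_cipher_suites);
 client_tls13_cipher_suites = (char *)ats_free_null(client_tls13_cipher_suites);
@@ -438,26 +431,6 @@ SSLConfigParams::initialize()
 
 REC_ReadConfigInt32(ssl_allow_client_renegotiation, "proxy.config.ssl.allow_client_renegotiation");
 
-// SSL Wire Trace configurations
-REC_EstablishStaticConfigInt32(ssl_wire_trace_enabled, "proxy.config.ssl.wire_trace_enabled");
-if (ssl_wire_trace_enabled) {
-// wire trace specific source ip
-REC_EstablishStaticConfigStringAlloc(ssl_wire_trace_addr, "proxy.config.ssl.wire_trace_addr");
-if (ssl_wire_trace_addr) {
-ssl_wire_trace_ip = new IpAddr();
-ssl_wire_trace_ip->load(ssl_wire_trace_addr);
-} else {
-ssl_wire_trace_ip = nullptr;
-}
-// wire trace percentage of requests
-REC_EstablishStaticConfigInt32(ssl_wire_trace_percentage, "proxy.config.ssl.wire_trace_percentage");
-REC_EstablishStaticConfigStringAlloc(ssl_wire_trace_server_name, "proxy.config.ssl.wire_trace_server_name");
-} else {
-ssl_wire_trace_addr = nullptr;
-ssl_wire_trace_ip = nullptr;
-ssl_wire_trace_percentage = 0;
-ssl_wire_trace_server_name = nullptr;
-}
 // Enable client regardless of config file settings as remap file
 // can cause HTTP layer to connect using SSL. But only if SSL
 // initialization hasn't failed already.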