Merge pull request #3175 from processone/proxy_protocol_tls_info

Extract TLS informations that are delivered in PROXY protocol frame

(cherry picked from commit 29bb9c5)

Author: michaelklishin

deps/amqp_client/src/amqp_direct_connection.erl

@@ -195,14 +195,14 @@ socket_adapter_info(Sock, Protocol) ->
 
 maybe_ssl_info(Sock) ->
     RealSocket = rabbit_net:unwrap_socket(Sock),
-    case rabbit_net:is_ssl(RealSocket) of
-        true  -> [{ssl, true}] ++ ssl_info(RealSocket) ++ ssl_cert_info(RealSocket);
-        false -> [{ssl, false}]
+    case rabbit_net:proxy_ssl_info(RealSocket, rabbit_net:maybe_get_proxy_socket(Sock)) of
+        nossl -> [{ssl, false}];
+        Info -> [{ssl, true}] ++ ssl_info(Info) ++ ssl_cert_info(RealSocket)
     end.
 
-ssl_info(Sock) ->
+ssl_info(Info) ->
     {Protocol, KeyExchange, Cipher, Hash} =
-        case rabbit_net:ssl_info(Sock) of
+        case Info of
             {ok, Infos} ->
                 {_, P} = lists:keyfind(protocol, 1, Infos),
                 #{cipher := C,

deps/rabbit/src/rabbit_reader.erl

@@ -1509,7 +1509,8 @@ i(SockStat,           S) when SockStat =:= recv_oct;
                               SockStat =:= send_pend ->
     socket_info(fun (Sock) -> rabbit_net:getstat(Sock, [SockStat]) end,
                 fun ([{_, I}]) -> I end, S);
-i(ssl,                #v1{sock = Sock}) -> rabbit_net:is_ssl(Sock);
+i(ssl, #v1{sock = Sock, proxy_socket = ProxySock}) ->
+    rabbit_net:proxy_ssl_info(Sock, ProxySock) /= nossl;
 i(ssl_protocol,       S) -> ssl_info(fun ({P,         _}) -> P end, S);
 i(ssl_key_exchange,   S) -> ssl_info(fun ({_, {K, _, _}}) -> K end, S);
 i(ssl_cipher,         S) -> ssl_info(fun ({_, {_, C, _}}) -> C end, S);
@@ -1579,8 +1580,8 @@ socket_info(Get, Select, #v1{sock = Sock}) ->
         {error, _} -> 0
     end.
 
-ssl_info(F, #v1{sock = Sock}) ->
-    case rabbit_net:ssl_info(Sock) of
+ssl_info(F, #v1{sock = Sock, proxy_socket = ProxySock}) ->
+    case rabbit_net:proxy_ssl_info(Sock, ProxySock) of
         nossl       -> '';
         {error, _}  -> '';
         {ok, Items} ->

deps/rabbit_common/src/rabbit_net.erl

@@ -15,7 +15,7 @@
     setopts/2, send/2, close/1, fast_close/1, sockname/1, peername/1,
     peercert/1, connection_string/2, socket_ends/2, is_loopback/1,
     tcp_host/1, unwrap_socket/1, maybe_get_proxy_socket/1,
-    hostname/0, getifaddrs/0]).
+    hostname/0, getifaddrs/0, proxy_ssl_info/2]).
 
 %%---------------------------------------------------------------------------
 
@@ -34,6 +34,7 @@
 % -type host_or_ip() :: binary() | inet:ip_address().
 -spec is_ssl(socket()) -> boolean().
 -spec ssl_info(socket()) -> 'nossl' | ok_val_or_error([{atom(), any()}]).
+-spec proxy_ssl_info(socket(), ranch_proxy:proxy_socket()) -> 'nossl' | ok_val_or_error([{atom(), any()}]).
 -spec controlling_process(socket(), pid()) -> ok_or_any_error().
 -spec getstat(socket(), [stat_option()]) ->
           ok_val_or_error([{stat_option(), integer()}]).
@@ -98,6 +99,33 @@ ssl_info(Sock) when ?IS_SSL(Sock) ->
 ssl_info(_Sock) ->
     nossl.
 
+proxy_ssl_info(Sock, {rabbit_proxy_socket, _, ProxyInfo}) ->
+    case ProxyInfo of
+        #{ssl := #{version := Version, cipher := Cipher}} ->
+            Proto = case Version of
+                        <<"SSL3">> -> 'ssl3';
+                        <<"TLSv1">> -> 'tlsv1';
+                        <<"TLSv1.1">> -> 'tlsv1.1';
+                        <<"TLSv1.2">> -> 'tlsv1.2';
+                        <<"TLSv1.3">> -> 'tlsv1.3';
+                        _ -> nossl
+                    end,
+            CipherSuite = case ssl:str_to_suite(binary_to_list(Cipher)) of
+                              #{} = CS -> CS;
+                              _ -> ssl_info(Sock)
+                          end,
+            case {Proto, CipherSuite} of
+                {nossl, _} -> ssl_info(Sock);
+                {_, nossl} -> ssl_info(Sock);
+                _ -> {ok, [{protocol, Proto}, {selected_cipher_suite, CipherSuite}]}
+            end;
+        _ ->
+            ssl_info(Sock)
+    end;
+proxy_ssl_info(Sock, _) ->
+    ssl_info(Sock).
+
+
 controlling_process(Sock, Pid) when ?IS_SSL(Sock) ->
     ssl:controlling_process(Sock, Pid);
 controlling_process(Sock, Pid) when is_port(Sock) ->

deps/rabbitmq_amqp1_0/src/rabbit_amqp1_0_reader.erl

@@ -793,8 +793,8 @@ socket_info(Get, Select, #v1{sock = Sock}) ->
         {error, _} -> ''
     end.
 
-ssl_info(F, #v1{sock = Sock}) ->
-    case rabbit_net:ssl_info(Sock) of
+ssl_info(F, #v1{sock = Sock, proxy_socket = ProxySock}) ->
+    case rabbit_net:proxy_ssl_info(Sock, ProxySock) of
         nossl       -> '';
         {error, _}  -> '';
         {ok, Items} ->