Move passsite flag to sslctx

The passsite flag is SSL-specific.
pull/48/head
Soner Tari 4 years ago
parent f8580d6ac7
commit f3ac5ee4f2

@ -8,8 +8,8 @@
connections. Create macro functions for fine* debug logs.
- Switch from thrmgr to connection handling thread asap. Cleanly decouple
code for thrmgr and conn handling threads. This prevents possible
multithreading issues between thrmgr and conn handling threads. So disable
thr mutex and remove BEV_OPT_THREADSAFE.
multithreading issues between thrmgr and conn handling threads. So remove
thr mutex and BEV_OPT_THREADSAFE.
- Offload thrmgr. Carry almost all conn init tasks from thrmgr to conn
handling thread. Remove pending ssl conns list.
- Convert linked lists to doubly linked lists. It is very fast to remove a

@ -716,7 +716,7 @@ protossl_srcssl_create(pxy_conn_ctx_t *ctx, SSL *origssl)
passsite->ip ? passsite->ip : (passsite->all ? "*" : STRORDASH(passsite->user)), STRORDASH(passsite->keyword));
cert_free(cert);
// Differentiate passsite from passthrough option by raising the passsite flag
ctx->passsite = 1;
ctx->sslctx->passsite = 1;
return NULL;
}
passsite = passsite->next;
@ -1378,7 +1378,7 @@ protossl_setup_src_ssl(pxy_conn_ctx_t *ctx)
// @todo Make srvdst.ssl the origssl param
ctx->src.ssl = protossl_srcssl_create(ctx, ctx->srvdst.ssl);
if (!ctx->src.ssl) {
if ((ctx->spec->opts->passthrough || ctx->passsite) && !ctx->enomem) {
if ((ctx->spec->opts->passthrough || ctx->sslctx->passsite) && !ctx->enomem) {
log_err_level_printf(LOG_WARNING, "Falling back to passthrough\n");
protopassthrough_engage(ctx);
// report protocol change by returning 1
@ -1531,7 +1531,7 @@ protossl_bev_eventcb_error_srvdst(UNUSED struct bufferevent *bev, pxy_conn_ctx_t
* close the accepted socket and clean up */
// Passite is and can only be set in protossl_srcssl_create() after srvdst obtains the orig cert
// So the passsite condition here will most probably never used
if ((ctx->spec->opts->passthrough || ctx->passsite) && ctx->sslctx->have_sslerr) {
if ((ctx->spec->opts->passthrough || ctx->sslctx->passsite) && ctx->sslctx->have_sslerr) {
/* ssl callout failed, fall back to plain TCP passthrough of SSL connection */
log_err_level_printf(LOG_WARNING, "SSL srvdst connection failed; falling back to passthrough\n");
ctx->sslctx->have_sslerr = 0;
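Review bot: The comment immediately above the changed condition (`// Passite is and can only be set in protossl_srcssl_create() ...` / `// So the passsite condition here will most probably never used`) carries a typo and an ungrammatical clause, and it does not mention that the flag now lives on sslctx; since the commit touches that line it is a good moment to rewrite it. Suggested wording: `// sslctx->passsite is set only by protossl_srcssl_create(), i.e. after srvdst has obtained the original cert, so the passsite half of this condition is expected to be unreachable here`. The body of protossl_bev_eventcb_error_srvdst() continues outside the hunk.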

@ -127,6 +127,9 @@ struct ssl_ctx {
unsigned int immutable_cert : 1; /* 1 if the cert cannot be changed */
unsigned int generated_cert : 1; /* 1 if we generated a new cert */
unsigned int have_sslerr : 1; /* 1 if we have an ssl error */
// We should not switch to passthrough mode in error conditions unless Passthrough option is set,
// that is why PassSite option requires a flag of its own to differentiate it from Passthrough option
unsigned int passsite : 1; /* 1 to pass the SSL site through */
/* server name indicated by client in SNI TLS extension */
char *sni;
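Review bot: Moving `passsite` into `struct ssl_ctx` makes its initial value depend on how the sslctx object is allocated, which this commit does not show; unless that allocation zero-fills (calloc or an explicit memset), the bit starts as garbage, and a stale 1 would let the srvdst error path in protossl_bev_eventcb_error_srvdst() fall back to uninspected passthrough without any PassSite match. The previous home in pxy_conn_ctx had the same requirement, so this is a check rather than a regression, but the field comment could record it: `unsigned int passsite : 1; /* 1 to pass the SSL site through; relies on sslctx being zero-initialised at allocation */`. It is also worth confirming that sslctx outlives every reader of the flag, since protossl_setup_src_ssl() reads it on the failure path after protossl_srcssl_create() returns NULL.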
@ -304,10 +307,6 @@ struct pxy_conn_ctx {
unsigned int sent_userauth_msg : 1; /* 1 until error msg is sent */
unsigned int sent_protoerror_msg : 1; /* 1 until error msg is sent */
// We should not switch to passthrough mode in error conditions unless Passthrough option is set,
// that is why PassSite option requires a flag of its own to differentiate it from Passthrough option
unsigned int passsite : 1; /* 1 to pass the SSL site through */
#ifdef HAVE_LOCAL_PROCINFO
/* local process information */
pxy_conn_lproc_desc_t lproc;

@ -106,7 +106,8 @@ pxy_thrmgr_run(pxy_thrmgr_ctx_t *ctx)
ctx->thr[i]->timeout_count = 0;
ctx->thr[i]->thrmgr = ctx;
if ((ctx->global->opts->user_auth || global_has_userauth_spec(ctx->global)) && sqlite3_prepare_v2(ctx->global->userdb, "SELECT user,ether,atime,desc FROM users WHERE ip = ?1", 100, &ctx->thr[i]->get_user, NULL)) {
if ((ctx->global->opts->user_auth || global_has_userauth_spec(ctx->global)) &&
sqlite3_prepare_v2(ctx->global->userdb, "SELECT user,ether,atime,desc FROM users WHERE ip = ?1", 100, &ctx->thr[i]->get_user, NULL)) {
log_err_level_printf(LOG_CRIT, "Error preparing get_user sql stmt: %s\n", sqlite3_errmsg(ctx->global->userdb));
goto leave;
}
