* 0 on success
* 1 on failure
*/
-static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct proxy *curproxy, char **sni_filter, int fcount, char **err)
+static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, char **sni_filter, int fcount, char **err)
{
char fp[MAXPATHLEN+1] = {0};
int n = 0;
}
#else
/* This is a dummy, that just logs an error and returns error */
-static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct proxy *curproxy, char **sni_filter, int fcount, char **err)
+static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, char **sni_filter, int fcount, char **err)
{
memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
err && *err ? *err : "", path, strerror(errno));
return ret;
}
-static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct proxy *curproxy, char **sni_filter, int fcount, char **err)
+static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, char **sni_filter, int fcount, char **err)
{
int ret;
SSL_CTX *ctx;
return 0;
}
-int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
+int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
{
struct dirent **de_list;
int i, n;
if (stat(path, &buf) == 0) {
dir = opendir(path);
if (!dir)
- return ssl_sock_load_cert_file(path, bind_conf, curproxy, NULL, 0, err);
+ return ssl_sock_load_cert_file(path, bind_conf, NULL, 0, err);
/* strip trailing slashes, including first one */
for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
}
snprintf(fp, sizeof(fp), "%s/%s", path, dp);
- ssl_sock_load_multi_cert(fp, bind_conf, curproxy, NULL, 0, err);
+ ssl_sock_load_multi_cert(fp, bind_conf, NULL, 0, err);
/* Successfully processed the bundle */
goto ignore_entry;
}
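Review bot: The return value of `ssl_sock_load_multi_cert(fp, bind_conf, NULL, 0, err);` is discarded in the directory-scan path, so a bundle that fails to load still falls through to the "Successfully processed the bundle" comment and `goto ignore_entry` without being counted as an error. The plain-file call just below does `cfgerr += ssl_sock_load_cert_file(...)`, and the single-path call to the same function assigns its result to `cfgerr`. As written, it looks as though a broken bundle in a certificate directory would not fail configuration loading, and the listener could come up without a certificate the operator expects to be served. Since this line is being touched anyway, I would change it to `cfgerr += ssl_sock_load_multi_cert(fp, bind_conf, NULL, 0, err);`. The enclosing function starts and ends outside this hunk, so confirm that `cfgerr` is in scope at that point.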
#endif
- cfgerr += ssl_sock_load_cert_file(fp, bind_conf, curproxy, NULL, 0, err);
+ cfgerr += ssl_sock_load_cert_file(fp, bind_conf, NULL, 0, err);
ignore_entry:
free(de);
}
return cfgerr;
}
- cfgerr = ssl_sock_load_multi_cert(path, bind_conf, curproxy, NULL, 0, err);
+ cfgerr = ssl_sock_load_multi_cert(path, bind_conf, NULL, 0, err);
return cfgerr;
}
return random_initialized;
}
-int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
+int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, char **err)
{
char thisline[LINESIZE*CRTLIST_FACTOR];
FILE *f;
continue;
if (stat(args[0], &buf) == 0) {
- cfgerr = ssl_sock_load_cert_file(args[0], bind_conf, curproxy, &args[1], arg-1, err);
+ cfgerr = ssl_sock_load_cert_file(args[0], bind_conf, &args[1], arg-1, err);
} else {
- cfgerr = ssl_sock_load_multi_cert(args[0], bind_conf, curproxy, &args[1], arg-1, err);
+ cfgerr = ssl_sock_load_multi_cert(args[0], bind_conf, &args[1], arg-1, err);
}
if (cfgerr) {
#define SSL_MODE_SMALL_BUFFERS 0
#endif
-int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy *curproxy)
+int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx)
{
+ struct proxy *curproxy = bind_conf->frontend;
int cfgerr = 0;
int verify = SSL_VERIFY_NONE;
long ssloptions =
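Review bot: With `struct proxy *curproxy = bind_conf->frontend;`, ssl_sock_prepare_ctx now depends on `bind_conf->frontend` being set before any context is prepared, and neither the code nor a comment states that precondition. Previously the caller supplied the proxy explicitly. The body continues outside the hunk, so I cannot see where `curproxy` is dereferenced, but if it is, a bind_conf that reaches this function without a frontend would crash during configuration processing. I would document the requirement above the function, for example `/* bind_conf->frontend must be set by the caller; it is used as the owning proxy. */`. The same applies to `struct proxy *curproxy = srv->proxy;` in ssl_sock_prepare_srv_ctx and `struct proxy *px = bind_conf->frontend;` in ssl_sock_load_ca.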
}
/* prepare ssl context from servers options. Returns an error count */
-int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
+int ssl_sock_prepare_srv_ctx(struct server *srv)
{
+ struct proxy *curproxy = srv->proxy;
int cfgerr = 0;
long options =
SSL_OP_ALL | /* all known workarounds for bugs */
* be NULL, in which case nothing is done. Returns the number of errors
* encountered.
*/
-int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf, struct proxy *px)
+int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
{
struct ebmb_node *node;
struct sni_ctx *sni;
global.ssl_used_frontend = 1;
if (bind_conf->default_ctx)
- err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ctx, px);
+ err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ctx);
node = ebmb_first(&bind_conf->sni_ctx);
while (node) {
if (!sni->order && sni->ctx != bind_conf->default_ctx)
/* only initialize the CTX on its first occurrence and
if it is not the default_ctx */
- err += ssl_sock_prepare_ctx(bind_conf, sni->ctx, px);
+ err += ssl_sock_prepare_ctx(bind_conf, sni->ctx);
node = ebmb_next(node);
}
if (!sni->order && sni->ctx != bind_conf->default_ctx)
/* only initialize the CTX on its first occurrence and
if it is not the default_ctx */
- err += ssl_sock_prepare_ctx(bind_conf, sni->ctx, px);
+ err += ssl_sock_prepare_ctx(bind_conf, sni->ctx);
node = ebmb_next(node);
}
return err;
/* Load CA cert file and private key used to generate certificates */
int
-ssl_sock_load_ca(struct bind_conf *bind_conf, struct proxy *px)
+ssl_sock_load_ca(struct bind_conf *bind_conf)
{
+ struct proxy *px = bind_conf->frontend;
FILE *fp;
X509 *cacert = NULL;
EVP_PKEY *capkey = NULL;
return ERR_ALERT | ERR_FATAL;
}
snprintf(path, sizeof(path), "%s/%s", global.crt_base, args[cur_arg + 1]);
- if (ssl_sock_load_cert(path, conf, px, err) > 0)
+ if (ssl_sock_load_cert(path, conf, err) > 0)
return ERR_ALERT | ERR_FATAL;
return 0;
}
- if (ssl_sock_load_cert(args[cur_arg + 1], conf, px, err) > 0)
+ if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
return ERR_ALERT | ERR_FATAL;
return 0;
return ERR_ALERT | ERR_FATAL;
}
- if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
+ if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, err) > 0) {
memprintf(err, "'%s' : %s", args[cur_arg], *err);
return ERR_ALERT | ERR_FATAL;
}