REORG: ssl: move ssl_sock_load_cert()

author William Lallemand <wlallemand@haproxy.com>

Mon, 16 Mar 2020 13:45:55 +0000 (14:45 +0100)

committer William Lallemand <wlallemand@haproxy.org>

Mon, 16 Mar 2020 15:18:49 +0000 (16:18 +0100)
author William Lallemand <wlallemand@haproxy.com>
Mon, 16 Mar 2020 13:45:55 +0000 (14:45 +0100)
committer William Lallemand <wlallemand@haproxy.org>
Mon, 16 Mar 2020 15:18:49 +0000 (16:18 +0100)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c

index b2f28b5fc65d715b95c3750090c305ffbe92d3b9..edf4f927882f0bd1a256d80e835de6ba45acac8f 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4527,45 +4527,6 @@ ignore_entry:
         return cfgerr;
  }
  
-/* Returns a set of ERR_* flags possibly with an error in <err>. */
-int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
-{
-       struct stat buf;
-       char fp[MAXPATHLEN+1];
-       int cfgerr = 0;
-       struct ckch_store *ckchs;
-
-       if ((ckchs = ckchs_lookup(path))) {
-               /* we found the ckchs in the tree, we can use it directly */
-               return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
-       }
-       if (stat(path, &buf) == 0) {
-               if (S_ISDIR(buf.st_mode) == 0) {
-                       ckchs =  ckchs_load_cert_file(path, 0,  err);
-                       if (!ckchs)
-                               return ERR_ALERT | ERR_FATAL;
-
-                       return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
-               } else {
-                       return ssl_sock_load_cert_dir(path, bind_conf, err);
-               }
-       } else {
-               /* stat failed, could be a bundle */
-               if (global_ssl.extra_files & SSL_GF_BUNDLE) {
-                       /* try to load a bundle if it is permitted */
-                       ckchs =  ckchs_load_cert_file(path, 1,  err);
-                       if (!ckchs)
-                               return ERR_ALERT | ERR_FATAL;
-                       cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
-               } else {
-                       memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
-                                 err && *err ? *err : "", fp, strerror(errno));
-                       cfgerr |= ERR_ALERT | ERR_FATAL;
-               }
-       }
-
-       return cfgerr;
-}
  
  /* Make sure openssl opens /dev/urandom before the chroot. The work is only
   * done once. Zero is returned if the operation fails. No error is returned
@@ -4772,6 +4733,46 @@ int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct
         return cfgerr;
  }
  
+/* Returns a set of ERR_* flags possibly with an error in <err>. */
+int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
+{
+       struct stat buf;
+       char fp[MAXPATHLEN+1];
+       int cfgerr = 0;
+       struct ckch_store *ckchs;
+
+       if ((ckchs = ckchs_lookup(path))) {
+               /* we found the ckchs in the tree, we can use it directly */
+               return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
+       }
+       if (stat(path, &buf) == 0) {
+               if (S_ISDIR(buf.st_mode) == 0) {
+                       ckchs =  ckchs_load_cert_file(path, 0,  err);
+                       if (!ckchs)
+                               return ERR_ALERT | ERR_FATAL;
+
+                       return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
+               } else {
+                       return ssl_sock_load_cert_dir(path, bind_conf, err);
+               }
+       } else {
+               /* stat failed, could be a bundle */
+               if (global_ssl.extra_files & SSL_GF_BUNDLE) {
+                       /* try to load a bundle if it is permitted */
+                       ckchs =  ckchs_load_cert_file(path, 1,  err);
+                       if (!ckchs)
+                               return ERR_ALERT | ERR_FATAL;
+                       cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
+               } else {
+                       memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
+                                 err && *err ? *err : "", fp, strerror(errno));
+                       cfgerr |= ERR_ALERT | ERR_FATAL;
+               }
+       }
+
+       return cfgerr;
+}
+
  /* Create an initial CTX used to start the SSL connection before switchctx */
  static int
  ssl_sock_initial_ctx(struct bind_conf *bind_conf)
author	William Lallemand <wlallemand@haproxy.com>
	Mon, 16 Mar 2020 13:45:55 +0000 (14:45 +0100)
committer	William Lallemand <wlallemand@haproxy.org>
	Mon, 16 Mar 2020 15:18:49 +0000 (16:18 +0100)