int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs, struct bind_conf *bind_conf,
struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err);
int ckch_inst_new_load_srv_store(const char *path, struct ckch_store *ckchs,
- struct ckch_inst **ckchi, SSL_CTX **ssl_ctx, char **err);
+ struct ckch_inst **ckchi, char **err);
void ckch_deinit();
struct ckch_inst *new_inst;
char **sni_filter = NULL;
int fcount = 0;
- SSL_CTX *ctx = NULL;
/* it takes a lot of CPU to creates SSL_CTXs, so we yield every 10 CKCH instances */
if (y >= 10) {
}
if (ckchi->is_server_instance)
- errcode |= ckch_inst_new_load_srv_store(new_ckchs->path, new_ckchs, &new_inst, &ctx, &err);
+ errcode |= ckch_inst_new_load_srv_store(new_ckchs->path, new_ckchs, &new_inst, &err);
else
errcode |= ckch_inst_new_load_store(new_ckchs->path, new_ckchs, ckchi->bind_conf, ckchi->ssl_conf, sni_filter, fcount, &new_inst, &err);
new_inst->server = ckchi->server;
/* Create a new SSL_CTX and link it to the new instance. */
if (new_inst->is_server_instance) {
- errcode |= ssl_sock_prepare_srv_ssl_ctx(ckchi->server, ctx);
+ errcode |= ssl_sock_prepare_srv_ssl_ctx(ckchi->server, new_inst->ctx);
if (errcode & ERR_CODE)
goto error;
-
- new_inst->ctx = ctx;
}
/* create the link to the crtlist_entry */
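Review bot: After `errcode |= ssl_sock_prepare_srv_ssl_ctx(ckchi->server, new_inst->ctx);` the `goto error` now leaves the SSL_CTX reachable only through `new_inst->ctx`, whereas before it was the local `ctx`; the `error` label is outside this hunk, so make sure it releases `new_inst` (and with it the ctx) rather than just the old local, or the context leaks on every failed update. This hunk also stops writing the ctx into `server->ssl_ctx.ctx` (the `&ctx` out-parameter is gone), so whatever later installs the new instance on the server must now take it from `new_inst->ctx`; I cannot see that code here, so please confirm. A one-line comment at the assignment site would make the new ownership explicit, e.g. `/* new_inst owns its SSL_CTX (refcount 1); it is released with the instance */`.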
* ERR_WARN if a warning is available into err
*/
int ckch_inst_new_load_srv_store(const char *path, struct ckch_store *ckchs,
- struct ckch_inst **ckchi, SSL_CTX **ssl_ctx, char **err)
+ struct ckch_inst **ckchi, char **err)
{
SSL_CTX *ctx;
struct cert_key_and_chain *ckch;
goto error;
}
- if (*ssl_ctx)
- SSL_CTX_free(*ssl_ctx);
- *ssl_ctx = ctx;
-
errcode |= ssl_sock_put_srv_ckch_into_ctx(path, ckch, ctx, err);
if (errcode & ERR_CODE)
goto error;
goto error;
}
- SSL_CTX_up_ref(ctx);
-
/* everything succeed, the ckch instance can be used */
ckch_inst->bind_conf = NULL;
ckch_inst->ssl_conf = NULL;
ckch_inst->ckch_store = ckchs;
-
- SSL_CTX_free(ctx); /* we need to free the ctx since we incremented the refcount where it's used */
+ ckch_inst->ctx = ctx;
*ckchi = ckch_inst;
return errcode;
}
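Review bot: With `SSL_CTX_up_ref(ctx)`/`SSL_CTX_free(ctx)` removed, `ctx` now carries a single reference that is only handed to `ckch_inst->ctx = ctx;` at the very end, so the `goto error` paths between the allocation and that assignment (the one after `ssl_sock_put_srv_ckch_into_ctx` and the one that follows it) reach the `error` label with `ctx` owned by nobody; the label is outside this hunk, so verify it calls `SSL_CTX_free(ctx)` (harmless on NULL) and that `ckch_inst_free()` frees `ctx` on the success side, otherwise the refcount change trades a needless up_ref for a leak. The function's header comment, which is cut at the top of the hunk, should also state the new contract, e.g. `/* On success the returned ckch_inst owns the freshly built SSL_CTX (ckch_inst->ctx); callers must not free it separately. */`.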
static int ssl_sock_load_srv_ckchs(const char *path, struct ckch_store *ckchs,
- struct ckch_inst **ckch_inst,
- SSL_CTX **ssl_ctx, char **err)
+ struct ckch_inst **ckch_inst, char **err)
{
int errcode = 0;
/* we found the ckchs in the tree, we can use it directly */
- errcode |= ckch_inst_new_load_srv_store(path, ckchs, ckch_inst, ssl_ctx, err);
+ errcode |= ckch_inst_new_load_srv_store(path, ckchs, ckch_inst, err);
if (errcode & ERR_CODE)
return errcode;
if ((ckchs = ckchs_lookup(path))) {
/* we found the ckchs in the tree, we can use it directly */
- cfgerr |= ssl_sock_load_srv_ckchs(path, ckchs, &server->ssl_ctx.inst, &server->ssl_ctx.ctx, err);
+ cfgerr |= ssl_sock_load_srv_ckchs(path, ckchs, &server->ssl_ctx.inst, err);
found++;
} else if (stat(path, &buf) == 0) {
/* We do not manage directories on backend side. */
ckchs = ckchs_load_cert_file(path, err);
if (!ckchs)
cfgerr |= ERR_ALERT | ERR_FATAL;
- cfgerr |= ssl_sock_load_srv_ckchs(path, ckchs, &server->ssl_ctx.inst, &server->ssl_ctx.ctx, err);
+ cfgerr |= ssl_sock_load_srv_ckchs(path, ckchs, &server->ssl_ctx.inst, err);
if (server->ssl_ctx.inst) {
server->ssl_ctx.inst->is_server_instance = 1;
server->ssl_ctx.inst->server = server;