MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf()
authorWilly Tarreau <w@1wt.eu>
Thu, 22 Dec 2016 16:30:54 +0000 (17:30 +0100)
committerWilly Tarreau <w@1wt.eu>
Thu, 22 Dec 2016 22:26:38 +0000 (23:26 +0100)
Instead of hard-coding all SSL destruction in cfgparse.c and haproxy.c,
we now register this new function as the transport layer's destroy_bind_conf()
and call it only when defined. This removes some non-obvious SSL-specific
code and #ifdefs from cfgparse.c and haproxy.c

src/cfgparse.c
src/haproxy.c
src/ssl_sock.c

index f1f0f9ba029caec04574e286415b3a1914f5c642..6d446ad3fc1e05af8ffc666b32a73b09ec049ea8 100644 (file)
@@ -8801,31 +8801,8 @@ out_uri_auth_compat:
 
                /* Release unused SSL configs */
                list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
-                       if (bind_conf->is_ssl)
-                               continue;
-#ifdef USE_OPENSSL
-                       ssl_sock_free_ca(bind_conf);
-                       ssl_sock_free_all_ctx(bind_conf);
-                       free(bind_conf->ca_file);
-                       free(bind_conf->ca_sign_file);
-                       free(bind_conf->ca_sign_pass);
-                       free(bind_conf->ciphers);
-                       free(bind_conf->ecdhe);
-                       free(bind_conf->crl_file);
-                       if(bind_conf->keys_ref) {
-                               free(bind_conf->keys_ref->filename);
-                               free(bind_conf->keys_ref->tlskeys);
-                               LIST_DEL(&bind_conf->keys_ref->list);
-                               free(bind_conf->keys_ref);
-                       }
-                       bind_conf->keys_ref = NULL;
-                       bind_conf->crl_file = NULL;
-                       bind_conf->ecdhe = NULL;
-                       bind_conf->ciphers = NULL;
-                       bind_conf->ca_sign_pass = NULL;
-                       bind_conf->ca_sign_file = NULL;
-                       bind_conf->ca_file = NULL;
-#endif /* USE_OPENSSL */
+                       if (!bind_conf->is_ssl && bind_conf->xprt->destroy_bind_conf)
+                               bind_conf->xprt->destroy_bind_conf(bind_conf);
                }
 
                if (my_popcountl(curproxy->bind_proc & nbits(global.nbproc)) > 1) {
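Review bot: The new condition `!bind_conf->is_ssl && bind_conf->xprt->destroy_bind_conf` releases the unused SSL settings only when the bind_conf's transport supplies the callback, whereas the removed code released them for every non-SSL bind_conf under USE_OPENSSL. If a listener without `ssl` ends up with a transport that leaves destroy_bind_conf unset (the xprt assignment is not visible in this diff), the CA file names, ciphers and `ca_sign_pass` stay allocated for the life of the process; the same applies to the deinit() hunk in src/haproxy.c. Both call sites also dereference `bind_conf->xprt` without a NULL check, so unless it is guaranteed non-NULL elsewhere the guard should read `if (!bind_conf->is_ssl && bind_conf->xprt && bind_conf->xprt->destroy_bind_conf)`. The enclosing function starts and ends outside the hunk.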
index ef846fe4e2c423546042173c9946b5162163cef0..adffda92405e9a6a4d8079ef8a5f7a86f1d1debf 100644 (file)
@@ -1466,16 +1466,8 @@ static void deinit(void)
 
                /* Release unused SSL configs. */
                list_for_each_entry_safe(bind_conf, bind_back, &p->conf.bind, by_fe) {
-#ifdef USE_OPENSSL
-                       ssl_sock_free_ca(bind_conf);
-                       ssl_sock_free_all_ctx(bind_conf);
-                       free(bind_conf->ca_file);
-                       free(bind_conf->ca_sign_file);
-                       free(bind_conf->ca_sign_pass);
-                       free(bind_conf->ciphers);
-                       free(bind_conf->ecdhe);
-                       free(bind_conf->crl_file);
-#endif /* USE_OPENSSL */
+                       if (bind_conf->xprt->destroy_bind_conf)
+                               bind_conf->xprt->destroy_bind_conf(bind_conf);
                        free(bind_conf->file);
                        free(bind_conf->arg);
                        LIST_DEL(&bind_conf->by_fe);
index 490003f40bd1b0c5da87768f20714da38a679679..ae821e007728d6bdec4e01278a8731af5de464a1 100644 (file)
@@ -3308,6 +3308,32 @@ void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
        bind_conf->default_ctx = NULL;
 }
 
+/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
+void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
+{
+       ssl_sock_free_ca(bind_conf);
+       ssl_sock_free_all_ctx(bind_conf);
+       free(bind_conf->ca_file);
+       free(bind_conf->ca_sign_file);
+       free(bind_conf->ca_sign_pass);
+       free(bind_conf->ciphers);
+       free(bind_conf->ecdhe);
+       free(bind_conf->crl_file);
+       if (bind_conf->keys_ref) {
+               free(bind_conf->keys_ref->filename);
+               free(bind_conf->keys_ref->tlskeys);
+               LIST_DEL(&bind_conf->keys_ref->list);
+               free(bind_conf->keys_ref);
+       }
+       bind_conf->keys_ref = NULL;
+       bind_conf->crl_file = NULL;
+       bind_conf->ecdhe = NULL;
+       bind_conf->ciphers = NULL;
+       bind_conf->ca_sign_pass = NULL;
+       bind_conf->ca_sign_file = NULL;
+       bind_conf->ca_file = NULL;
+}
+
 /* Load CA cert file and private key used to generate certificates */
 int
 ssl_sock_load_ca(struct bind_conf *bind_conf)
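Review bot: The `keys_ref` block in ssl_sock_destroy_bind_conf() frees and unlinks the ticket-key reference unconditionally, and with this commit that also happens on the deinit() path, where the removed code in src/haproxy.c never touched keys_ref. If one keys_ref can be attached to several bind_confs (its ownership is not visible in this diff), the second call would free memory that has already been released, so single ownership should be confirmed or a reference count added before the free. The header comment is also too narrow, since src/cfgparse.c calls the function after parsing for non-SSL listeners; something like `/* Releases all SSL settings and contexts of a bind_conf; called after config parsing for non-SSL binds and from deinit(). */` would match the callers. `ca_sign_pass` appears to hold a passphrase and is handed to free() without being wiped first.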
@@ -6632,6 +6658,7 @@ struct xprt_ops ssl_sock = {
        .close    = ssl_sock_close,
        .init     = ssl_sock_init,
        .prepare_bind_conf = ssl_sock_prepare_bind_conf,
+       .destroy_bind_conf = ssl_sock_destroy_bind_conf,
        .name     = "SSL",
 };