CLEANUP: server: always include the storage for SSL settings

The SSL stuff in struct server takes less than 3% of it and requires
lots of annoying ifdefs in the code just to take care of the cases
where the field is absent. Let's get rid of this and stop including
openssl-compat from server.c to detect NPN and ALPN capabilities.

This reduces the total LoC by another 0.4%.

diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h
index e190f9053236408f94d95da99ca4689de72ba26b..15f2df34d2fc80a920f29e3a7dcced399ed50f5b 100644 (file)
--- a/include/haproxy/server-t.h
+++ b/include/haproxy/server-t.h
@@ -328,7 +328,6 @@ struct server {
        unsigned int init_addr_methods;         /* initial address setting, 3-bit per method, ends at 0, enough to store 10 entries */
        enum srv_log_proto log_proto;           /* used proto to emit messages on server lines from ring section */
 
-#ifdef USE_OPENSSL
        char *sni_expr;             /* Temporary variable to store a sample expression for SNI */
        struct {
                SSL_CTX *ctx;
@@ -364,7 +363,6 @@ struct server {
 #ifdef USE_QUIC
        struct quic_transport_params quic_params; /* QUIC transport parameters */
        struct eb_root cids;        /* QUIC connections IDs. */
-#endif
 #endif
        struct resolv_srvrq *srvrq;             /* Pointer representing the DNS SRV requeest, if any */
        struct list srv_rec_item;               /* to attach server to a srv record item */

diff --git a/src/server.c b/src/server.c
index b44b16469317d2b86e656f68345ae2ba9ebebe2f..5d6e4b1389cde4a882407d447595d66758c7713b 100644 (file)
--- a/src/server.c
+++ b/src/server.c
@@ -1823,7 +1823,6 @@ const char *server_parse_maxconn_change_request(struct server *sv,
        return NULL;
 }
 
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 static struct sample_expr *srv_sni_sample_parse_expr(struct server *srv, struct proxy *px,
                                                      const char *file, int linenum, char **err)
 {
@@ -1863,7 +1862,6 @@ static int server_parse_sni_expr(struct server *newsrv, struct proxy *px, char *
 
        return 0;
 }
-#endif
 
 static void display_parser_err(const char *file, int linenum, char **args, int cur_arg, int err_code, char **err)
 {
@@ -1956,14 +1954,11 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src)
        if (src->ssl_ctx.methods.max)
                srv->ssl_ctx.methods.max = src->ssl_ctx.methods.max;
 
-#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
        if (src->ssl_ctx.ciphersuites != NULL)
                srv->ssl_ctx.ciphersuites = strdup(src->ssl_ctx.ciphersuites);
-#endif
        if (src->sni_expr != NULL)
                srv->sni_expr = strdup(src->sni_expr);
 
-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
        if (src->ssl_ctx.alpn_str) {
                srv->ssl_ctx.alpn_str = malloc(src->ssl_ctx.alpn_len);
                if (srv->ssl_ctx.alpn_str) {
@@ -1972,8 +1967,7 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src)
                        srv->ssl_ctx.alpn_len = src->ssl_ctx.alpn_len;
                }
        }
-#endif
-#ifdef OPENSSL_NPN_NEGOTIATED
+
        if (src->ssl_ctx.npn_str) {
                srv->ssl_ctx.npn_str = malloc(src->ssl_ctx.npn_len);
                if (srv->ssl_ctx.npn_str) {
@@ -1982,7 +1976,6 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src)
                        srv->ssl_ctx.npn_len = src->ssl_ctx.npn_len;
                }
        }
-#endif
 }
 #endif
 
@@ -2358,13 +2351,13 @@ static int _srv_parse_tmpl_init(struct server *srv, struct proxy *px)
 
                srv_settings_cpy(newsrv, srv, 1);
                srv_prepare_for_resolution(newsrv, srv->hostname);
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+
                if (newsrv->sni_expr) {
                        newsrv->ssl_ctx.sni = srv_sni_sample_parse_expr(newsrv, px, NULL, 0, NULL);
                        if (!newsrv->ssl_ctx.sni)
                                goto err;
                }
-#endif
+
                /* append to list of servers available to receive an hostname */
                if (newsrv->srvrq)
                        LIST_APPEND(&newsrv->srvrq->attached_servers, &newsrv->srv_rec_item);
@@ -2383,9 +2376,7 @@ static int _srv_parse_tmpl_init(struct server *srv, struct proxy *px)
  err:
        _srv_parse_set_id_from_prefix(srv, srv->tmpl_info.prefix, srv->tmpl_info.nb_low);
        if (newsrv)  {
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
                release_sample_expr(newsrv->ssl_ctx.sni);
-#endif
                free_check(&newsrv->agent);
                free_check(&newsrv->check);
                LIST_DELETE(&newsrv->global_list);
@@ -2659,7 +2650,6 @@ out:
        return err_code;
 }
 
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 /* This function is first intended to be used through parse_server to
  * initialize a new server on startup.
  */
@@ -2678,7 +2668,6 @@ static int _srv_parse_sni_expr_init(char **args, int cur_arg,
 
        return ret;
 }
-#endif
 
 /* Server initializations finalization.
  * Initialize health check, agent check and SNI expression if enabled.
@@ -2691,10 +2680,8 @@ static int _srv_parse_finalize(char **args, int cur_arg,
                                struct server *srv, struct proxy *px,
                                int parse_flags)
 {
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
        int ret;
        char *errmsg = NULL;
-#endif
 
        if (srv->do_check && srv->trackit) {
                ha_alert("unable to enable checks and tracking at the same time!\n");
@@ -2707,7 +2694,6 @@ static int _srv_parse_finalize(char **args, int cur_arg,
                return ERR_ALERT | ERR_FATAL;
        }
 
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
        if ((ret = _srv_parse_sni_expr_init(args, cur_arg, srv, px, &errmsg)) != 0) {
                if (errmsg) {
                        ha_alert("%s\n", errmsg);
@@ -2715,7 +2701,6 @@ static int _srv_parse_finalize(char **args, int cur_arg,
                }
                return ret;
        }
-#endif
 
        /* A dynamic server is disabled on startup. It must not be counted as
         * an active backend entry.