MINOR: cfgparse: move parsing of "ca-base" and "crt-base" to ssl_sock

This removes 2 #ifdefs and makes the code much cleaner. The controls
are still there and the two parsers have been merged into a single
function ssl_parse_global_ca_crt_base().

It's worth noting that there's still a check to prevent a change when
the value was already specified. This test seems useless and possibly
counter-productive, it may have to be revisited later, but for now it
was implemented identically.

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 771dbe9529e9620484c3bcd070c941ee24710ace..6b4c9c900f1abd808a384f2ab6b947edba29a1b9 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -627,48 +627,6 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
                alertif_too_many_args(0, file, linenum, args, &err_code);
                goto out;
        }
-       else if (!strcmp(args[0], "ca-base")) {
-#ifdef USE_OPENSSL
-               if(alertif_too_many_args(1, file, linenum, args, &err_code))
-                       goto out;
-               if (global.ca_base != NULL) {
-                       Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
-                       err_code |= ERR_ALERT;
-                       goto out;
-               }
-               if (*(args[1]) == 0) {
-                       Alert("parsing [%s:%d] : '%s' expects a directory path as an argument.\n", file, linenum, args[0]);
-                       err_code |= ERR_ALERT | ERR_FATAL;
-                       goto out;
-               }
-               global.ca_base = strdup(args[1]);
-#else
-               Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
-               err_code |= ERR_ALERT | ERR_FATAL;
-               goto out;
-#endif
-       }
-       else if (!strcmp(args[0], "crt-base")) {
-#ifdef USE_OPENSSL
-               if (alertif_too_many_args(1, file, linenum, args, &err_code))
-                       goto out;
-               if (global.crt_base != NULL) {
-                       Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
-                       err_code |= ERR_ALERT;
-                       goto out;
-               }
-               if (*(args[1]) == 0) {
-                       Alert("parsing [%s:%d] : '%s' expects a directory path as an argument.\n", file, linenum, args[0]);
-                       err_code |= ERR_ALERT | ERR_FATAL;
-                       goto out;
-               }
-               global.crt_base = strdup(args[1]);
-#else
-               Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
-               err_code |= ERR_ALERT | ERR_FATAL;
-               goto out;
-#endif
-       }
        else if (!strcmp(args[0], "daemon")) {
                if (alertif_too_many_args(0, file, linenum, args, &err_code))
                        goto out;

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 5f9c8f3f3a2e71ace4707dcdcaf6582d3236cb6b..830b9e28158893f7a7c71284474671945ff1da26 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5983,6 +5983,33 @@ static int ssl_parse_default_server_options(char **args, int section_type, struc
        return 0;
 }
 
+/* parse the "ca-base" / "crt-base" keywords in global section.
+ * Returns <0 on alert, >0 on warning, 0 on success.
+ */
+static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
+                                        struct proxy *defpx, const char *file, int line,
+                                        char **err)
+{
+       char **target;
+
+       target = (args[0][1] == 'a') ? &global.ca_base : &global.crt_base;
+
+       if (too_many_args(1, args, err, NULL))
+               return -1;
+
+       if (*target) {
+               memprintf(err, "'%s' already specified.", args[0]);
+               return -1;
+       }
+
+       if (*(args[1]) == 0) {
+               memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
+               return -1;
+       }
+       *target = strdup(args[1]);
+       return 0;
+}
+
 /* This function is used with TLS ticket keys management. It permits to browse
  * each reference. The variable <getnext> must contain the current node,
  * <end> point to the root node.
@@ -6380,6 +6407,8 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
 }};
 
 static struct cfg_kw_list cfg_kws = {ILH, {
+       { CFG_GLOBAL, "ca-base",  ssl_parse_global_ca_crt_base },
+       { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
        { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
        { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
        { 0, NULL, NULL },