CLEANUP: ssl: make ssl_sock_load_ckchs() return a set of ERR_*
authorWilly Tarreau <w@1wt.eu>
Wed, 16 Oct 2019 15:06:25 +0000 (17:06 +0200)
committerWilly Tarreau <w@1wt.eu>
Fri, 18 Oct 2019 13:18:52 +0000 (15:18 +0200)
ssl_sock_load_ckchs() used to return 0 or >0 to indicate success or
failure even though this was not documented. Make it return a set of
ERR_* instead so that its callers can transparently report its status.
Given that its callers only used to know about ERR_ALERT | ERR_FATAL,
this is the only code returned for now. And a comment was added.

src/ssl_sock.c

index ed1f5ba1811fa0786f5ac5f8047eb6e32fdb04d2..10dee6f8cdae45fcac79cd402af71ae7200a99b6 100644 (file)
@@ -3672,6 +3672,7 @@ error:
        return NULL;
 }
 
+/* Returns a set of ERR_* flags possibly with an error in <err>. */
 static int ssl_sock_load_ckchs(const char *path, struct ckch_store *ckchs,
                                struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
                                char **sni_filter, int fcount, char **err)
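Review bot: The new comment above ssl_sock_load_ckchs() does not say which value means success, so a caller still has to read the body to learn that 0 is the "no error" result. I would spell the contract out, for example `/* Returns a set of ERR_* flags (0 on success, currently only ERR_ALERT | ERR_FATAL on failure), possibly with an error message in <err>. */`. The word "possibly" also deserves one more sentence saying whether `*err` can be left unset on failure, because callers format it with `%s`. The function body starts after the end of this hunk.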
@@ -3685,13 +3686,12 @@ static int ssl_sock_load_ckchs(const char *path, struct ckch_store *ckchs,
                ckch_inst = ckch_inst_new_load_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, err);
 
        if (!ckch_inst)
-               return 1;
+               return ERR_ALERT | ERR_FATAL;
 
        ssl_sock_load_cert_sni(ckch_inst, bind_conf);
 
        /* succeed, add the instance to the ckch_store's list of instance */
        LIST_ADDQ(&ckchs->ckch_inst, &ckch_inst->by_ckchs);
-
        return 0;
 }
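Review bot: The success path still ends in a bare `return 0;` while the failure path now returns named ERR_* flags, so the two exits of ssl_sock_load_ckchs() read as two different conventions. If the ERR_NONE constant from the errors header is in scope in this file, `return ERR_NONE;` would make the "set of ERR_*" contract visible at both returns. The start of the function, including the other branch that assigns ckch_inst, is outside this hunk.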
 
@@ -3713,10 +3713,7 @@ int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
 #endif
        if ((ckchs = ckchs_lookup(path))) {
                /* we found the ckchs in the tree, we can use it directly */
-               if (ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err) > 0)
-                       return ERR_ALERT | ERR_FATAL;
-               else
-                       return 0;
+               return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
        }
 
        if (stat(path, &buf) == 0) {
@@ -3726,10 +3723,7 @@ int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
                        if (!ckchs)
                                return ERR_ALERT | ERR_FATAL;
 
-                       if (ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err) > 0)
-                               return ERR_ALERT | ERR_FATAL;
-                       else
-                               return 0;
+                       return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
                }
 
                /* strip trailing slashes, including first one */
@@ -3794,8 +3788,8 @@ int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
                                                        ckchs =  ckchs_load_cert_file(fp, 1,  err);
                                                if (!ckchs)
                                                        cfgerr |= ERR_ALERT | ERR_FATAL;
-                                               else if (ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err) > 0)
-                                                       cfgerr |= ERR_ALERT | ERR_FATAL;
+                                               else
+                                                       cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
                                                /* Successfully processed the bundle */
                                                goto ignore_entry;
                                        }
@@ -3807,8 +3801,7 @@ int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
                                if (!ckchs)
                                        cfgerr |= ERR_ALERT | ERR_FATAL;
                                else
-                                       if (ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err) > 0)
-                                               cfgerr |= ERR_ALERT | ERR_FATAL;
+                                       cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
 
 ignore_entry:
                                free(de);
@@ -3823,8 +3816,7 @@ ignore_entry:
        if (!ckchs)
                return ERR_ALERT | ERR_FATAL;
 
-       if (ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err) > 0)
-               cfgerr |= ERR_ALERT | ERR_FATAL;
+       cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
 
        return cfgerr;
 }
@@ -4018,10 +4010,10 @@ int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct
                                ckchs = ckchs_load_cert_file(crt_path, 1,  err);
                }
 
-               if (!ckchs ||
-                   ssl_sock_load_ckchs(crt_path, ckchs, bind_conf, ssl_conf, &args[cur_arg], arg - cur_arg - 1, err) > 0) {
+               if (!ckchs)
                        cfgerr |= ERR_ALERT | ERR_FATAL;
-               }
+               else
+                       cfgerr |= ssl_sock_load_ckchs(crt_path, ckchs, bind_conf, ssl_conf, &args[cur_arg], arg - cur_arg - 1, err);
 
                if (cfgerr) {
                        memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
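Review bot: The `if (cfgerr)` test after the new `cfgerr |= ssl_sock_load_ckchs(...)` treats any returned bit as a failure. Once the callee returns something other than ERR_ALERT | ERR_FATAL (a warning-only flag, say), this line would report a certificate list entry as an error. Testing the failure bits explicitly, e.g. `if (cfgerr & (ERR_FATAL | ERR_ABORT)) {`, keeps the meaning stable as the flag set grows. The memprintf() call below also passes `*err` to `%s`, and the new comment only promises an error "possibly" in `<err>`, so a NULL guard such as `*err ? *err : "unknown error"` would be safer. The enclosing loop in ssl_sock_load_cert_list_file() continues outside this hunk.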