struct list by_crtlist_entry; /* chained in crtlist_entry list of inst */
};
+
+/*
+ * deduplicate cafile (and crlfile)
+ */
+struct cafile_entry {
+ X509_STORE *ca_store;
+ STACK_OF(X509_NAME) *ca_list;
+ struct ebmb_node node;
+ char path[0];
+};
+
#endif /* USE_OPENSSL */
#endif /* _HAPROXY_SSL_CKCH_T_H */
void ckch_deinit();
+/* ssl_store functions */
+X509_STORE* ssl_store_get0_locations_file(char *path);
+int ssl_store_load_locations_file(char *path, int create_if_none);
+
#endif /* USE_OPENSSL */
#endif /* _HAPROXY_SSL_CRTLIST_H */
extern int totalsslconns;
extern struct eb_root ckchs_tree;
extern struct eb_root crtlists_tree;
+extern struct eb_root cafile_tree;
extern int sctl_ex_index;
extern struct global_ssl global_ssl;
extern struct ssl_bind_kw ssl_bind_kws[];
void ssl_free_global_issuers(void);
int ssl_sock_load_cert_list_file(char *file, int dir, struct bind_conf *bind_conf, struct proxy *curproxy, char **err);
int ssl_init_single_engine(const char *engine_id, const char *def_algorithms);
-int ssl_store_load_locations_file(char *path, int create_if_none);
/* ssl shctx macro */
#include <haproxy/openssl-compat.h>
#include <haproxy/ssl_sock.h>
#include <haproxy/tools.h>
+#include <haproxy/ssl_ckch.h>
/****************** Global Section Parsing ********************************************/
return ckch_inst;
}
+
+/******************** ssl_store functions ******************************/
+struct eb_root cafile_tree = EB_ROOT_UNIQUE;
+
+X509_STORE* ssl_store_get0_locations_file(char *path)
+{
+ struct ebmb_node *eb;
+
+ eb = ebst_lookup(&cafile_tree, path);
+ if (eb) {
+ struct cafile_entry *ca_e;
+ ca_e = ebmb_entry(eb, struct cafile_entry, node);
+ return ca_e->ca_store;
+ }
+ return NULL;
+}
+
+int ssl_store_load_locations_file(char *path, int create_if_none)
+{
+ X509_STORE *store = ssl_store_get0_locations_file(path);
+
+ /* If this function is called by the CLI, we should not call the
+ * X509_STORE_load_locations function because it performs forbidden disk
+ * accesses. */
+ if (!store && create_if_none) {
+ struct cafile_entry *ca_e;
+ store = X509_STORE_new();
+ if (X509_STORE_load_locations(store, path, NULL)) {
+ int pathlen;
+ pathlen = strlen(path);
+ ca_e = calloc(1, sizeof(*ca_e) + pathlen + 1);
+ if (ca_e) {
+ memcpy(ca_e->path, path, pathlen + 1);
+ ca_e->ca_store = store;
+ ebst_insert(&cafile_tree, &ca_e->node);
+ }
+ } else {
+ X509_STORE_free(store);
+ store = NULL;
+ }
+ }
+ return (store != NULL);
+}
+
+
/*************************** CLI commands ***********************/
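Review bot: In ssl_store_load_locations_file the result of `X509_STORE_new()` is handed to `X509_STORE_load_locations` without a NULL check, so an allocation failure dereferences a NULL store inside OpenSSL instead of failing cleanly. The `calloc` failure path just below has the mirror problem: the successfully loaded store is never inserted into cafile_tree and never freed, yet `return (store != NULL)` still reports success, so the caller believes the CA file is cached while the store has leaked and every later call reloads it. Both issues are carried over verbatim from the copy removed from ssl_sock.c, but since the function is being re-homed this is the natural moment to fix them, and `pathlen` can become `size_t` at the same time to avoid the implicit narrowing of `strlen`. The rewritten create_if_none branch is below; the rest of the function is unchanged.
```c
	if (!store && create_if_none) {
		struct cafile_entry *ca_e;
		store = X509_STORE_new();
		if (!store)
			return 0;
		if (X509_STORE_load_locations(store, path, NULL)) {
			size_t pathlen = strlen(path);
			ca_e = calloc(1, sizeof(*ca_e) + pathlen + 1);
			if (!ca_e) {
				/* not cached in cafile_tree: free it rather than leak it */
				X509_STORE_free(store);
				return 0;
			}
			memcpy(ca_e->path, path, pathlen + 1);
			ca_e->ca_store = store;
			ebst_insert(&cafile_tree, &ca_e->node);
		} else {
			/* … unchanged: X509_STORE_free(store); store = NULL; … */
		}
	}
```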
/* Type of SSL payloads that can be updated over the CLI */
__decl_thread(HA_SPINLOCK_T ckch_lock);
-/*
- * deduplicate cafile (and crlfile)
- */
-struct cafile_entry {
- X509_STORE *ca_store;
- STACK_OF(X509_NAME) *ca_list;
- struct ebmb_node node;
- char path[0];
-};
-
-static struct eb_root cafile_tree = EB_ROOT_UNIQUE;
-
-static X509_STORE* ssl_store_get0_locations_file(char *path)
-{
- struct ebmb_node *eb;
-
- eb = ebst_lookup(&cafile_tree, path);
- if (eb) {
- struct cafile_entry *ca_e;
- ca_e = ebmb_entry(eb, struct cafile_entry, node);
- return ca_e->ca_store;
- }
- return NULL;
-}
-
-int ssl_store_load_locations_file(char *path, int create_if_none)
-{
- X509_STORE *store = ssl_store_get0_locations_file(path);
-
- /* If this function is called by the CLI, we should not call the
- * X509_STORE_load_locations function because it performs forbidden disk
- * accesses. */
- if (!store && create_if_none) {
- struct cafile_entry *ca_e;
- store = X509_STORE_new();
- if (X509_STORE_load_locations(store, path, NULL)) {
- int pathlen;
- pathlen = strlen(path);
- ca_e = calloc(1, sizeof(*ca_e) + pathlen + 1);
- if (ca_e) {
- memcpy(ca_e->path, path, pathlen + 1);
- ca_e->ca_store = store;
- ebst_insert(&cafile_tree, &ca_e->node);
- }
- } else {
- X509_STORE_free(store);
- store = NULL;
- }
- }
- return (store != NULL);
-}
/* mimic what X509_STORE_load_locations do with store_ctx */
static int ssl_set_cert_crl_file(X509_STORE *store_ctx, char *path)