CLEANUP: ssl: move tlskeys_finalize_config() to a post_check callback

tlskeys_finalize_config() was the only reason for haproxy.c to still
require ifdef and includes for ssl_sock. This one fits perfectly well
in the late initializers so it was changed to be registered with
hap_register_post_check().

diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
index d3756a12944e2aae831283fc67582e76277bc993..9f43adc3aadcd347d3d36a85683a6d9d237b6a81 100644 (file)
--- a/include/proto/ssl_sock.h
+++ b/include/proto/ssl_sock.h
@@ -65,7 +65,6 @@ int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err);
 int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err);
 struct tls_keys_ref *tlskeys_ref_lookup(const char *filename);
 struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id);
-void tlskeys_finalize_config(void);
 #endif
 #ifndef OPENSSL_NO_DH
 int ssl_sock_load_global_dh_param_from_file(const char *filename);

diff --git a/src/haproxy.c b/src/haproxy.c
index 611371ca24af474ccf96a9d4101d80aaddff5933..30991a9428bba5d84edcef91da62f3e4c99a22ed 100644 (file)
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -109,9 +109,6 @@
 #include <proto/dns.h>
 #include <proto/vars.h>
 
-#ifdef USE_OPENSSL
-#include <proto/ssl_sock.h>
-#endif
 
 /* list of config files */
 static struct list cfg_cfgfiles = LIST_HEAD_INIT(cfg_cfgfiles);
@@ -818,9 +815,6 @@ static void init(int argc, char **argv)
        }
 
        pattern_finalize_config();
-#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
-       tlskeys_finalize_config();
-#endif
 
        err_code |= check_config_validity();
        if (err_code & (ERR_ABORT|ERR_FATAL)) {

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index b39f3264e1386ae34589adc977127dac4ca35bbe..0228dd57fecffe453e88ce5d7eeec58e4db2493a 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -574,9 +574,10 @@ int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err) {
 }
 
 /* This function finalize the configuration parsing. Its set all the
- * automatic ids
+ * automatic ids. It's called just after the basic checks. It returns
+ * 0 on success otherwise ERR_*.
  */
-void tlskeys_finalize_config(void)
+static int tlskeys_finalize_config(void)
 {
        int i = 0;
        struct tls_keys_ref *ref, *ref2, *ref3;
@@ -618,6 +619,7 @@ void tlskeys_finalize_config(void)
        /* swap root */
        LIST_ADD(&tkr, &tlskeys_reference);
        LIST_DEL(&tkr);
+       return 0;
 }
 
 #endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
@@ -6710,6 +6712,9 @@ static void __ssl_sock_init(void)
        srv_register_keywords(&srv_kws);
        cfg_register_keywords(&cfg_kws);
        cli_register_kw(&cli_kws);
+#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
+       hap_register_post_check(tlskeys_finalize_config);
+#endif
 
        ptr = NULL;
        memprintf(&ptr, "Built with OpenSSL version : "