MINOR: cfgparse: move parsing of ssl-default-{bind,server}-ciphers to ssl_sock

These ones are pretty similar, just an strdup. Contrary to ca-base
and crt-base they support being changed.

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 0ece4fdebf28d3c8015e49036badb2678f242076..24bccd29f9568b99270f18d0d2b1b3e5a3eb16a1 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1105,40 +1105,6 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
                }
 #endif /* SYSTEM_MAXCONN */
        }
-       else if (!strcmp(args[0], "ssl-default-bind-ciphers")) {
-#ifdef USE_OPENSSL
-               if (alertif_too_many_args(1, file, linenum, args, &err_code))
-                       goto out;
-               if (*(args[1]) == 0) {
-                       Alert("parsing [%s:%d] : '%s' expects a cipher suite as an argument.\n", file, linenum, args[0]);
-                       err_code |= ERR_ALERT | ERR_FATAL;
-                       goto out;
-               }
-               free(global.listen_default_ciphers);
-               global.listen_default_ciphers = strdup(args[1]);
-#else
-               Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
-               err_code |= ERR_ALERT | ERR_FATAL;
-               goto out;
-#endif
-       }
-       else if (!strcmp(args[0], "ssl-default-server-ciphers")) {
-#ifdef USE_OPENSSL
-               if (alertif_too_many_args(1, file, linenum, args, &err_code))
-                       goto out;
-               if (*(args[1]) == 0) {
-                       Alert("parsing [%s:%d] : '%s' expects a cipher suite as an argument.\n", file, linenum, args[0]);
-                       err_code |= ERR_ALERT | ERR_FATAL;
-                       goto out;
-               }
-               free(global.connect_default_ciphers);
-               global.connect_default_ciphers = strdup(args[1]);
-#else
-               Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
-               err_code |= ERR_ALERT | ERR_FATAL;
-               goto out;
-#endif
-       }
 #ifdef USE_OPENSSL
 #ifndef OPENSSL_NO_DH
        else if (!strcmp(args[0], "ssl-dh-param-file")) {

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 66280beb23838216518396dacfa5f5a471babe72..0ac73159b12e0f35c5e553cb56fd86a8e6290829 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6010,6 +6010,30 @@ static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct pr
        return 0;
 }
 
+/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
+ * in global section. Returns <0 on alert, >0 on warning, 0 on success.
+ */
+static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
+                                    struct proxy *defpx, const char *file, int line,
+                                    char **err)
+{
+       char **target;
+
+       target = (args[0][12] == 'b') ? &global.listen_default_ciphers : &global.connect_default_ciphers;
+
+       if (too_many_args(1, args, err, NULL))
+               return -1;
+
+       if (*(args[1]) == 0) {
+               memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
+               return -1;
+       }
+
+       free(*target);
+       *target = strdup(args[1]);
+       return 0;
+}
+
 /* parse various global tune.ssl settings consisting in positive integers.
  * Returns <0 on alert, >0 on warning, 0 on success.
  */
@@ -6523,6 +6547,8 @@ static struct cfg_kw_list cfg_kws = {ILH, {
        { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
        { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
        { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
+       { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
+       { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
        { 0, NULL, NULL },
 }};