From: Remi Tricot-Le Breton
Date: Wed, 20 Mar 2024 13:13:38 +0000 (+0100)
Subject: CLEANUP: ssl: Remove undocumented ocsp fetches
X-Git-Tag: v3.0-dev6~72
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=099b5c421c5e2508730a276096e06f596633429e;p=thirdparty%2Fhaproxy.git
CLEANUP: ssl: Remove undocumented ocsp fetches
Those fetchess were undocumented and were just here so that the ocsp-update log could be made through a regular log format. But since the logging is now "handmade" (since BUG/MEDIUM: ssl: Fix crash in ocsp-update log function), we don't need those anymore.
---
diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index e2e1143470..5a79d13fad 100644
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -1890,93 +1890,6 @@ static void cli_release_show_ocsp_updates(struct appctx *appctx)
 }
-static int
-smp_fetch_ssl_ocsp_certid(const struct arg *args, struct sample *smp, const char *kw, void *private)
-{
- struct buffer *data = get_trash_chunk();
- struct certificate_ocsp *ocsp = ssl_ocsp_task_ctx.cur_ocsp;
-
- if (!ocsp)
- return 0;
-
- dump_binary(data, (char *)ocsp->key_data, ocsp->key_length);
-
- smp->data.type = SMP_T_STR;
- smp->data.u.str = *data;
- return 1;
-}
-
-static int
-smp_fetch_ssl_ocsp_certname(const struct arg *args, struct sample *smp, const char *kw, void *private)
-{
- struct certificate_ocsp *ocsp = ssl_ocsp_task_ctx.cur_ocsp;
-
- if (!ocsp)
- return 0;
-
- smp->data.type = SMP_T_STR;
- smp->data.u.str.area = ocsp->path;
- smp->data.u.str.data = strlen(ocsp->path);
- return 1;
-}
-
-static int
-smp_fetch_ssl_ocsp_status(const struct arg *args, struct sample *smp, const char *kw, void *private)
-{
- struct certificate_ocsp *ocsp = ssl_ocsp_task_ctx.cur_ocsp;
-
- if (!ocsp)
- return 0;
-
- smp->data.type = SMP_T_SINT;
- smp->data.u.sint = ssl_ocsp_task_ctx.update_status;
- return 1;
-}
-
-static int
-smp_fetch_ssl_ocsp_status_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
-{
- struct certificate_ocsp *ocsp = ssl_ocsp_task_ctx.cur_ocsp;
-
- if (!ocsp)
- return 0;
-
- if (ssl_ocsp_task_ctx.update_status >= OCSP_UPDT_ERR_LAST)
- return 0;
-
- smp->data.type = SMP_T_STR;
- smp->data.u.str = ist2buf(ocsp_update_errors[ssl_ocsp_task_ctx.update_status]);
-
- return 1;
-}
-
-static int
-smp_fetch_ssl_ocsp_fail_cnt(const struct arg *args, struct sample *smp, const char *kw, void *private)
-{
- struct certificate_ocsp *ocsp = ssl_ocsp_task_ctx.cur_ocsp;
-
- if (!ocsp)
- return 0;
-
- smp->data.type = SMP_T_SINT;
- smp->data.u.sint = ocsp->num_failure;
- return 1;
-}
-
-static int
-smp_fetch_ssl_ocsp_success_cnt(const struct arg *args, struct sample *smp, const char *kw, void *private)
-{
- struct certificate_ocsp *ocsp = ssl_ocsp_task_ctx.cur_ocsp;
-
- if (!ocsp)
- return 0;
-
- smp->data.type = SMP_T_SINT;
- smp->data.u.sint = ocsp->num_success;
- return 1;
-}
-
-
 static struct cli_kw_list cli_kws = {{ },{
 { { "set", "ssl", "ocsp-response", NULL }, "set ssl ocsp-response : update a certificate's OCSP Response from a base64-encode DER", cli_parse_set_ocspresponse, NULL },
@@ -1991,26 +1904,6 @@ static struct cli_kw_list cli_kws = {{ },{
 INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
-/* Note: must not be declared as its list will be overwritten.
- * Please take care of keeping this list alphabetically sorted.
- *
- * Those fetches only have a valid value during an OCSP update process so they
- * can only be used in a log format of a log line built by the update process
- * task itself.
- */
-static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
- { "ssl_ocsp_certid", smp_fetch_ssl_ocsp_certid, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
- { "ssl_ocsp_certname", smp_fetch_ssl_ocsp_certname, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
- { "ssl_ocsp_status", smp_fetch_ssl_ocsp_status, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
- { "ssl_ocsp_status_str", smp_fetch_ssl_ocsp_status_str, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
- { "ssl_ocsp_fail_cnt", smp_fetch_ssl_ocsp_fail_cnt, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
- { "ssl_ocsp_success_cnt", smp_fetch_ssl_ocsp_success_cnt, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
- { NULL, NULL, 0, 0, 0 },
-}};
-
-INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
-
-
 /*
 * Local variables:
 * c-indent-level: 8