From: Willy Tarreau <w@1wt.eu>
Date: Wed, 21 Dec 2016 22:17:25 +0000 (+0100)
Subject: MEDIUM: cfgparse: move maxsslconn parsing to ssl_sock
X-Git-Tag: v1.8-dev1~219
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0bea58d641ea6b5ae76d957faf1de4edd7127161;p=thirdparty%2Fhaproxy.git

MEDIUM: cfgparse: move maxsslconn parsing to ssl_sock

This one simply reuses the existing integer parser. It implicitly
adds a control against negative numbers.
---

diff --git a/src/cfgparse.c b/src/cfgparse.c
index c35eea4ceb..0ece4fdebf 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1104,22 +1104,6 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
 			err_code |= ERR_ALERT;
 		}
 #endif /* SYSTEM_MAXCONN */
-	}
-	else if (!strcmp(args[0], "maxsslconn")) {
-#ifdef USE_OPENSSL
-		if (alertif_too_many_args(1, file, linenum, args, &err_code))
-			goto out;
-		if (*(args[1]) == 0) {
-			Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
-			err_code |= ERR_ALERT | ERR_FATAL;
-			goto out;
-		}
-		global.maxsslconn = atol(args[1]);
-#else
-		Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
-		err_code |= ERR_ALERT | ERR_FATAL;
-		goto out;
-#endif
 	}
 	else if (!strcmp(args[0], "ssl-default-bind-ciphers")) {
 #ifdef USE_OPENSSL
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6709d64283..66280beb23 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6025,6 +6025,8 @@ static int ssl_parse_global_int(char **args, int section_type, struct proxy *cur
 		target = (int *)&global.tune.ssl_max_record;
 	else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
 		target = &global.tune.ssl_ctx_cache;
+	else if (strcmp(args[0], "maxsslconn") == 0)
+		target = &global.maxsslconn;
 	else {
 		memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
 		return -1;
@@ -6510,6 +6512,7 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
 static struct cfg_kw_list cfg_kws = {ILH, {
 	{ CFG_GLOBAL, "ca-base",  ssl_parse_global_ca_crt_base },
 	{ CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
+	{ CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
 	{ CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
 	{ CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
 	{ CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },