From: Willy Tarreau Date: Thu, 4 Jun 2020 18:30:20 +0000 (+0200) Subject: REORG: include: move ssl_sock.h to haproxy/ssl_sock{,-t}.h X-Git-Tag: v2.2-dev9~31 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=209108dbbdebbe0ac0f3e782002f2b4caf75d874;p=thirdparty%2Fhaproxy.git REORG: include: move ssl_sock.h to haproxy/ssl_sock{,-t}.h Almost nothing changed, just moved a static inline at the end and moved an export from the types to the main file. --- diff --git a/contrib/prometheus-exporter/service-prometheus.c b/contrib/prometheus-exporter/service-prometheus.c index d64d8ae72c..181d689d86 100644 --- a/contrib/prometheus-exporter/service-prometheus.c +++ b/contrib/prometheus-exporter/service-prometheus.c @@ -32,7 +32,7 @@ #include #include #include -#include +#include #include #include #include diff --git a/include/types/ssl_sock.h b/include/haproxy/ssl_sock-t.h similarity index 98% rename from include/types/ssl_sock.h rename to include/haproxy/ssl_sock-t.h index d2851c668e..437e563295 100644 --- a/include/types/ssl_sock.h +++ b/include/haproxy/ssl_sock-t.h @@ -1,5 +1,5 @@ /* - * include/types/ssl_sock.h + * include/haproxy/ssl_sock-t.h * SSL settings for listeners and servers * * Copyright (C) 2012 EXCELIANCE, Emeric Brun @@ -19,18 +19,17 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -#ifndef _TYPES_SSL_SOCK_H -#define _TYPES_SSL_SOCK_H +#ifndef _HAPROXY_SSL_SOCK_T_H +#define _HAPROXY_SSL_SOCK_T_H #ifdef USE_OPENSSL -#include -#include #include - -#include /* struct wait_event */ +#include +#include #include -#include +#include /* struct wait_event */ +#include #include #include #include 
@@ -95,6 +94,22 @@ enum { CONF_TLSV_MAX = 5, }; +/* server and bind verify method, it uses a global value as default */ +enum { + SSL_SOCK_VERIFY_DEFAULT = 0, + SSL_SOCK_VERIFY_REQUIRED = 1, + SSL_SOCK_VERIFY_OPTIONAL = 2, + SSL_SOCK_VERIFY_NONE = 3, +}; + +/* states of the CLI IO handler for 'set ssl cert' */ +enum { + SETCERT_ST_INIT = 0, + SETCERT_ST_GEN, + SETCERT_ST_INSERT, + SETCERT_ST_FIN, +}; + #if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL) typedef enum { SET_CLIENT, SET_SERVER } set_context_func; #else /* openssl >= 1.1.0 */ @@ -109,14 +124,6 @@ struct methodVersions { const char *name; }; -/* server and bind verify method, it uses a global value as default */ -enum { - SSL_SOCK_VERIFY_DEFAULT = 0, - SSL_SOCK_VERIFY_REQUIRED = 1, - SSL_SOCK_VERIFY_OPTIONAL = 2, - SSL_SOCK_VERIFY_NONE = 3, -}; - struct pkey_info { uint8_t sig; /* TLSEXT_signature_[rsa,ecdsa,...] */ uint16_t bits; /* key size in bits */ @@ -134,8 +141,6 @@ struct sni_ctx { struct ebmb_node name; /* node holding the servername value */ }; -extern struct list tlskeys_reference; - struct tls_sess_key_128 { unsigned char name[16]; unsigned char aes_key[16]; @@ -171,14 +176,6 @@ struct sh_ssl_sess_hdr { unsigned char key_data[SSL_MAX_SSL_SESSION_ID_LENGTH]; }; -/* states of the CLI IO handler for 'set ssl cert' */ -enum { - SETCERT_ST_INIT = 0, - SETCERT_ST_GEN, - SETCERT_ST_INSERT, - SETCERT_ST_FIN, -}; - #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL #define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES)) @@ -287,4 +284,4 @@ extern const char *SSL_SOCK_KEYTYPE_NAMES[]; #endif #endif /* USE_OPENSSL */ -#endif /* _TYPES_SSL_SOCK_H */ +#endif /* _HAPROXY_SSL_SOCK_T_H */ diff --git a/include/proto/ssl_sock.h b/include/haproxy/ssl_sock.h similarity index 95% rename from include/proto/ssl_sock.h rename to include/haproxy/ssl_sock.h index e22d9a3b6d..1c4acd9444 100644 --- a/include/proto/ssl_sock.h +++ b/include/haproxy/ssl_sock.h 
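Review bot: The comment on the SSL_SOCK_VERIFY_* enum, which this hunk moves up next to CONF_TLSV_MAX in include/haproxy/ssl_sock-t.h, does not say what a zero-initialised configuration gets or what each value means for peer authentication. Because SSL_SOCK_VERIFY_DEFAULT is 0, a zeroed bind or server structure presumably falls back to the global setting rather than to SSL_SOCK_VERIFY_NONE; the code that consumes these values is not in this hunk, so that should be confirmed. Once confirmed, the comment could read `/* server and bind verify method; 0 (DEFAULT) defers to the global value, NONE requests no peer certificate check */`. The same block appears as a removal in the later `@@ -109,14 +124,6 @@` hunk, so this is a pure move and the note applies only to the wording.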
@@ -1,5 +1,5 @@ /* - * include/proto/ssl_sock.h + * include/haproxy/ssl_sock.h * This file contains definition for ssl stream socket operations * * Copyright (C) 2012 EXCELIANCE, Emeric Brun @@ -19,18 +19,20 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -#ifndef _PROTO_SSL_SOCK_H -#define _PROTO_SSL_SOCK_H +#ifndef _HAPROXY_SSL_SOCK_H +#define _HAPROXY_SSL_SOCK_H #ifdef USE_OPENSSL + #include #include +#include +#include +#include #include -#include -#include - +extern struct list tlskeys_reference; extern int sslconns; extern int totalsslconns; extern struct eb_root ckchs_tree; @@ -46,16 +48,6 @@ extern int nb_engines; extern struct xprt_ops ssl_sock; extern int ssl_capture_ptr_index; -/* boolean, returns true if connection is over SSL */ -static inline -int ssl_sock_is_ssl(struct connection *conn) -{ - if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx) - return 0; - else - return 1; -} - int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *, SSL_CTX *ctx, char **err); int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf); int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf); @@ -129,8 +121,19 @@ int ssl_sock_register_msg_callback(ssl_sock_msg_callback_func func); SSL *ssl_sock_get_ssl_object(struct connection *conn); +/* boolean, returns true if connection is over SSL */ +static inline +int ssl_sock_is_ssl(struct connection *conn) +{ + if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx) + return 0; + else + return 1; +} + + #endif /* USE_OPENSSL */ -#endif /* _PROTO_SSL_SOCK_H */ +#endif /* _HAPROXY_SSL_SOCK_H */ /* * Local variables: diff --git a/include/types/server.h b/include/types/server.h index 1f9ef1f69a..587b069973 100644 --- a/include/types/server.h +++ b/include/types/server.h @@ -32,6 +32,7 @@ #include #include #include +#include #include #include @@ -40,7 +41,6 @@ #include #include #include -#include #include 
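Review bot: The one-line comment on `ssl_sock_is_ssl()`, re-added at the end of include/haproxy/ssl_sock.h in the `@@ -129,8 +121,19 @@` hunk, overstates what the predicate proves. The body only checks that `conn->xprt` is the XPRT_SSL transport and that `conn->xprt_ctx` is non-NULL. It says nothing about the handshake having completed or the peer certificate having been verified, so callers gating security decisions on it should know that. I would reword it to `/* returns 1 if conn uses the SSL xprt and has an xprt_ctx attached, else 0; does not imply a completed handshake or a verified peer */`. As the function only reads through the pointer, the parameter could also be `const struct connection *conn`, provided `xprt_get()` and the callers allow it.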
diff --git a/src/backend.c b/src/backend.c index 838769425e..b730df7753 100644 --- a/src/backend.c +++ b/src/backend.c @@ -35,6 +35,7 @@ #include #include #include +#include #include #include #include @@ -55,7 +56,6 @@ #include #include #include -#include #define TRACE_SOURCE &trace_strm diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c index aeb6f84927..831bdb41f0 100644 --- a/src/cfgparse-ssl.c +++ b/src/cfgparse-ssl.c @@ -36,10 +36,7 @@ #include #include #include - -#include - -#include +#include /****************** Global Section Parsing ********************************************/ diff --git a/src/check.c b/src/check.c index 6e8e2383c4..edb4fea4b8 100644 --- a/src/check.c +++ b/src/check.c @@ -47,6 +47,7 @@ #include #include #include +#include #include #include #include @@ -66,7 +67,6 @@ #include #include #include -#include #include static int tcpcheck_get_step_id(struct check *, struct tcpcheck_rule *); diff --git a/src/connection.c b/src/connection.c index a777b9fa12..6575230b80 100644 --- a/src/connection.c +++ b/src/connection.c @@ -24,7 +24,7 @@ #include #include #include -#include +#include DECLARE_POOL(pool_head_connection, "connection", sizeof(struct connection)); diff --git a/src/haproxy.c b/src/haproxy.c index c717577a2d..e3b140b892 100644 --- a/src/haproxy.c +++ b/src/haproxy.c @@ -106,6 +106,7 @@ #include #include #include +#include #include #include #include @@ -131,7 +132,6 @@ #include #include #include -#include /* array of init calls for older platforms */ DECLARE_INIT_STAGES; diff --git a/src/log.c b/src/log.c index fcf61b1b45..bafd8782eb 100644 --- a/src/log.c +++ b/src/log.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include #include @@ -41,7 +42,6 @@ #include #include #include -#include #include #include diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c index 6346c8e707..201de593da 100644 --- a/src/mux_fcgi.c +++ b/src/mux_fcgi.c 
@@ -23,12 +23,12 @@ #include #include #include +#include #include #include #include -#include #include #include #include diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c index 1125961e9f..d0699ef8a2 100644 --- a/src/ssl_ckch.c +++ b/src/ssl_ckch.c @@ -25,15 +25,13 @@ #include #include #include +#include #include #include #include -#include - #include -#include #include /* Uncommitted CKCH transaction */ diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c index ab88dcb442..7036fdc35a 100644 --- a/src/ssl_crtlist.c +++ b/src/ssl_crtlist.c @@ -19,17 +19,15 @@ #include #include #include +#include #include #include #include #include -#include - #include #include -#include /* release ssl bind conf */ void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf) diff --git a/src/ssl_sample.c b/src/ssl_sample.c index 8314f3da31..70b35b2af5 100644 --- a/src/ssl_sample.c +++ b/src/ssl_sample.c @@ -26,13 +26,11 @@ #include #include #include +#include #include #include -#include - #include -#include /***** Below are some sample fetching functions for ACL/patterns *****/ diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 35c03a8ccd..914c22f162 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -57,6 +57,7 @@ #include #include #include +#include #include #include #include @@ -69,8 +70,6 @@ #include #include -#include - #include #include #include @@ -81,7 +80,6 @@ #include #include #include -#include #include /* ***** READ THIS before adding code here! ***** diff --git a/src/ssl_utils.c b/src/ssl_utils.c index 38efe7ec46..510b5da80c 100644 --- a/src/ssl_utils.c +++ b/src/ssl_utils.c @@ -15,10 +15,7 @@ #include #include #include - -#include - -#include +#include /* fill a buffer with the algorithm and size of a public key */ int cert_get_pkey_algo(X509 *crt, struct buffer *out) diff --git a/src/stats.c b/src/stats.c index e62f0e4190..17d4ddaa9f 100644 --- a/src/stats.c +++ b/src/stats.c @@ -43,6 +43,7 @@ #include #include #include +#include #include #include #include 
@@ -59,7 +60,6 @@ #include #include #include -#include #include #include #include diff --git a/src/tools.c b/src/tools.c index a9ad82b6e9..59903b1fd9 100644 --- a/src/tools.c +++ b/src/tools.c @@ -46,10 +46,10 @@ #include #include #include +#include #include #include #include -#include #include /* This macro returns false if the test __x is false. Many