From: Willy Tarreau
Date: Thu, 22 Dec 2016 16:30:54 +0000 (+0100)
Subject: MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf()
X-Git-Tag: v1.8-dev1~204
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=795cdabb570f8829f306b13b773f204915b70d62;p=thirdparty%2Fhaproxy.git
MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf()
Instead of hard-coding all SSL destruction in cfgparse.c and haproxy.c, we now register this new function as the transport layer's destroy_bind_conf() and call it only when defined. This removes some non-obvious SSL-specific code and #ifdefs from cfgparse.c and haproxy.c
---
diff --git a/src/cfgparse.c b/src/cfgparse.c
index f1f0f9ba02..6d446ad3fc 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -8801,31 +8801,8 @@ out_uri_auth_compat:
 /* Release unused SSL configs */
 list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
- if (bind_conf->is_ssl)
- continue;
-#ifdef USE_OPENSSL
- ssl_sock_free_ca(bind_conf);
- ssl_sock_free_all_ctx(bind_conf);
- free(bind_conf->ca_file);
- free(bind_conf->ca_sign_file);
- free(bind_conf->ca_sign_pass);
- free(bind_conf->ciphers);
- free(bind_conf->ecdhe);
- free(bind_conf->crl_file);
- if(bind_conf->keys_ref) {
- free(bind_conf->keys_ref->filename);
- free(bind_conf->keys_ref->tlskeys);
- LIST_DEL(&bind_conf->keys_ref->list);
- free(bind_conf->keys_ref);
- }
- bind_conf->keys_ref = NULL;
- bind_conf->crl_file = NULL;
- bind_conf->ecdhe = NULL;
- bind_conf->ciphers = NULL;
- bind_conf->ca_sign_pass = NULL;
- bind_conf->ca_sign_file = NULL;
- bind_conf->ca_file = NULL;
-#endif /* USE_OPENSSL */
+ if (!bind_conf->is_ssl && bind_conf->xprt->destroy_bind_conf)
+ bind_conf->xprt->destroy_bind_conf(bind_conf);
 }
 if (my_popcountl(curproxy->bind_proc & nbits(global.nbproc)) > 1) {
diff --git a/src/haproxy.c b/src/haproxy.c
index ef846fe4e2..adffda9240 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
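Review bot: The new condition `if (!bind_conf->is_ssl && bind_conf->xprt->destroy_bind_conf)` dereferences `bind_conf->xprt` unconditionally, where the removed block never touched that pointer; if a bind_conf can reach this loop without a transport assigned (the allocation path is outside this hunk, so I can't tell), configuration checking would crash on a NULL dereference. If the allocator guarantees a non-NULL xprt, a one-line comment saying so would save the next reader the question, e.g. `/* xprt is always set when the bind_conf is allocated, no NULL check needed */`. The enclosing function starts and ends outside the hunk.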
@@ -1466,16 +1466,8 @@ static void deinit(void)
 /* Release unused SSL configs. */
 list_for_each_entry_safe(bind_conf, bind_back, &p->conf.bind, by_fe) {
-#ifdef USE_OPENSSL
- ssl_sock_free_ca(bind_conf);
- ssl_sock_free_all_ctx(bind_conf);
- free(bind_conf->ca_file);
- free(bind_conf->ca_sign_file);
- free(bind_conf->ca_sign_pass);
- free(bind_conf->ciphers);
- free(bind_conf->ecdhe);
- free(bind_conf->crl_file);
-#endif /* USE_OPENSSL */
+ if (bind_conf->xprt->destroy_bind_conf)
+ bind_conf->xprt->destroy_bind_conf(bind_conf);
 free(bind_conf->file);
 free(bind_conf->arg);
 LIST_DEL(&bind_conf->by_fe);
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 490003f40b..ae821e0077 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3308,6 +3308,32 @@ void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
 bind_conf->default_ctx = NULL;
 }
+/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
+void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
+{
+ ssl_sock_free_ca(bind_conf);
+ ssl_sock_free_all_ctx(bind_conf);
+ free(bind_conf->ca_file);
+ free(bind_conf->ca_sign_file);
+ free(bind_conf->ca_sign_pass);
+ free(bind_conf->ciphers);
+ free(bind_conf->ecdhe);
+ free(bind_conf->crl_file);
+ if (bind_conf->keys_ref) {
+ free(bind_conf->keys_ref->filename);
+ free(bind_conf->keys_ref->tlskeys);
+ LIST_DEL(&bind_conf->keys_ref->list);
+ free(bind_conf->keys_ref);
+ }
+ bind_conf->keys_ref = NULL;
+ bind_conf->crl_file = NULL;
+ bind_conf->ecdhe = NULL;
+ bind_conf->ciphers = NULL;
+ bind_conf->ca_sign_pass = NULL;
+ bind_conf->ca_sign_file = NULL;
+ bind_conf->ca_file = NULL;
+}
+
 /* Load CA cert file and private key used to generate certificates */
 int ssl_sock_load_ca(struct bind_conf *bind_conf)
@@ -6632,6 +6658,7 @@ struct xprt_ops ssl_sock = {
 .close = ssl_sock_close,
 .init = ssl_sock_init,
 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
+ .destroy_bind_conf = ssl_sock_destroy_bind_conf,
 .name = "SSL",
 };
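Review bot: The deinit() path now releases `bind_conf->keys_ref` for every bind line, which the removed inline block never did (it stopped at `free(bind_conf->crl_file)`), because the hook it now calls — visible in the ssl_sock.c hunk on this page — does `LIST_DEL(&bind_conf->keys_ref->list)` and `free(bind_conf->keys_ref)`. If the tls-ticket-keys parser hands two bind lines that name the same key file the same keys_ref object, which I can't confirm from this hunk, the second iteration of `list_for_each_entry_safe` unlinks and frees memory the first already released: a double free and list corruption at shutdown. Either give keys_ref a reference count that the hook decrements and only free on the last drop, or make the parser allocate a private copy per bind_conf. deinit() continues outside the hunk.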
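Review bot: `free(bind_conf->ca_sign_pass)` and `free(bind_conf->keys_ref->tlskeys)` release what their names indicate are a CA-key passphrase and TLS session-ticket keys with a plain free(), so the secret bytes remain readable in the heap until the allocator reuses them; because the cfgparse.c hunk on this page calls this function at configuration-check time in a process that keeps running, this is not only a shutdown concern. Wipe both buffers before freeing, e.g. `if (bind_conf->ca_sign_pass) memset(bind_conf->ca_sign_pass, 0, strlen(bind_conf->ca_sign_pass));` and likewise for tlskeys with the size of the key array (its declaration is outside the hunk), preferably through a wipe helper the compiler cannot drop as a dead store. The header comment also undersells the contract: it says the function is used during deinit(), yet the cfgparse.c hunk calls it for non-SSL bind lines too; `/* Releases every SSL resource attached to a bind_conf (CA/signing material, SSL contexts, cipher/ECDHE/CRL strings, ticket keys) and NULLs the pointers. Called for unused SSL configs at config check time and from deinit(). */` would be accurate.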