From: Willy Tarreau
Date: Wed, 21 Dec 2016 21:44:46 +0000 (+0100)
Subject: MINOR: cfgparse: move parsing of "ca-base" and "crt-base" to ssl_sock
X-Git-Tag: v1.8-dev1~221
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8c3b0fd273bc26a8ef71b53052f7a295431adf0b;p=thirdparty%2Fhaproxy.git

MINOR: cfgparse: move parsing of "ca-base" and "crt-base" to ssl_sock

This removes 2 #ifdefs and makes the code much cleaner. The controls are still there and the two parsers have been merged into a single function ssl_parse_global_ca_crt_base(). It's worth noting that there's still a check to prevent a change when the value was already specified. This test seems useless and possibly counter-productive, it may have to be revisited later, but for now it was implemented identically.
---
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 771dbe9529..6b4c9c900f 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -627,48 +627,6 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
 alertif_too_many_args(0, file, linenum, args, &err_code);
 goto out;
 }
- else if (!strcmp(args[0], "ca-base")) {
-#ifdef USE_OPENSSL
- if(alertif_too_many_args(1, file, linenum, args, &err_code))
- goto out;
- if (global.ca_base != NULL) {
- Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT;
- goto out;
- }
- if (*(args[1]) == 0) {
- Alert("parsing [%s:%d] : '%s' expects a directory path as an argument.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
- }
- global.ca_base = strdup(args[1]);
-#else
- Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
-#endif
- }
- else if (!strcmp(args[0], "crt-base")) {
-#ifdef USE_OPENSSL
- if (alertif_too_many_args(1, file, linenum, args, &err_code))
- goto out;
- if (global.crt_base != NULL) {
- Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT;
- goto out;
- }
- if (*(args[1]) == 0) {
- Alert("parsing [%s:%d] : '%s' expects a directory path as an argument.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
- }
- global.crt_base = strdup(args[1]);
-#else
- Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
-#endif
- }
 else if (!strcmp(args[0], "daemon")) {
 if (alertif_too_many_args(0, file, linenum, args, &err_code))
 goto out;
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 5f9c8f3f3a..830b9e2815 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5983,6 +5983,33 @@ static int ssl_parse_default_server_options(char **args, int section_type, struc
 return 0;
 }
+/* parse the "ca-base" / "crt-base" keywords in global section.
+ * Returns <0 on alert, >0 on warning, 0 on success.
+ */
+static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
+ struct proxy *defpx, const char *file, int line,
+ char **err)
+{
+ char **target;
+
+ target = (args[0][1] == 'a') ? &global.ca_base : &global.crt_base;
+
+ if (too_many_args(1, args, err, NULL))
+ return -1;
+
+ if (*target) {
+ memprintf(err, "'%s' already specified.", args[0]);
+ return -1;
+ }
+
+ if (*(args[1]) == 0) {
+ memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
+ return -1;
+ }
+ *target = strdup(args[1]);
+ return 0;
+}
+
 /* This function is used with TLS ticket keys management. It permits to browse
 * each reference. The variable must contain the current node,
 * point to the root node.
@@ -6380,6 +6407,8 @@ static struct srv_kw_list srv_kws = { "SSL", { }, { }};
 static struct cfg_kw_list cfg_kws = {ILH, {
+ { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
+ { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
 { 0, NULL, NULL },
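Review bot: `*target = strdup(args[1]);` at the end of ssl_parse_global_ca_crt_base() is not checked, so on allocation failure the parser returns 0 while the base directory stays NULL; presumably relative CA and certificate paths would then be resolved without the configured prefix, which silently changes which trust material gets loaded. I would follow the assignment with `if (!*target) { memprintf(err, "out of memory"); return -1; }`. The duplicate case also loses its old severity: the removed cfgparse.c code raised only ERR_ALERT and continued, whereas here it returns -1 just like the missing-argument case, which the caller (not shown) likely treats as fatal, so "implemented identically" in the description does not quite hold. Finally, picking the target with `args[0][1] == 'a'` only works while the function is registered for exactly these two keywords; a comment saying so, or a `strcmp()` on args[0], would make that assumption explicit.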