From: Willy Tarreau Date: Thu, 22 Dec 2016 21:46:15 +0000 (+0100) Subject: CLEANUP: ssl: move tlskeys_finalize_config() to a post_check callback X-Git-Tag: v1.8-dev1~197 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d1c5750370255e25774cbd672f00b50c4652156e;p=thirdparty%2Fhaproxy.git CLEANUP: ssl: move tlskeys_finalize_config() to a post_check callback tlskeys_finalize_config() was the only reason for haproxy.c to still require ifdef and includes for ssl_sock. This one fits perfectly well in the late initializers so it was changed to be registered with hap_register_post_check(). --- diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h index d3756a1294..9f43adc3aa 100644 --- a/include/proto/ssl_sock.h +++ b/include/proto/ssl_sock.h @@ -65,7 +65,6 @@ int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err); int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err); struct tls_keys_ref *tlskeys_ref_lookup(const char *filename); struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id); -void tlskeys_finalize_config(void); #endif #ifndef OPENSSL_NO_DH int ssl_sock_load_global_dh_param_from_file(const char *filename); diff --git a/src/haproxy.c b/src/haproxy.c index 611371ca24..30991a9428 100644 --- a/src/haproxy.c +++ b/src/haproxy.c @@ -109,9 +109,6 @@ #include #include -#ifdef USE_OPENSSL -#include -#endif /* list of config files */ static struct list cfg_cfgfiles = LIST_HEAD_INIT(cfg_cfgfiles); @@ -818,9 +815,6 @@ static void init(int argc, char **argv) } pattern_finalize_config(); -#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0) - tlskeys_finalize_config(); -#endif err_code |= check_config_validity(); if (err_code & (ERR_ABORT|ERR_FATAL)) { diff --git a/src/ssl_sock.c b/src/ssl_sock.c index b39f3264e1..0228dd57fe 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c 
@@ -574,9 +574,10 @@ int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err) { } /* This function finalize the configuration parsing. Its set all the - * automatic ids + * automatic ids. It's called just after the basic checks. It returns + * 0 on success otherwise ERR_*. */ -void tlskeys_finalize_config(void) +static int tlskeys_finalize_config(void) { int i = 0; struct tls_keys_ref *ref, *ref2, *ref3; @@ -618,6 +619,7 @@ void tlskeys_finalize_config(void) /* swap root */ LIST_ADD(&tkr, &tlskeys_reference); LIST_DEL(&tkr); + return 0; } #endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */ @@ -6710,6 +6712,9 @@ static void __ssl_sock_init(void) srv_register_keywords(&srv_kws); cfg_register_keywords(&cfg_kws); cli_register_kw(&cli_kws); +#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0) + hap_register_post_check(tlskeys_finalize_config); +#endif ptr = NULL; memprintf(&ptr, "Built with OpenSSL version : "
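Review bot: The updated comment on tlskeys_finalize_config() promises `ERR_*` on failure, but the only return this commit adds is the unconditional `return 0;` at the end of the function (hunk at -618), so the visible lines show no failure path; the middle of the body lies outside both hunks. Either drop that claim or state the current behaviour, e.g. `It currently always returns 0.` The comment should also record the ordering change: the call removed from src/haproxy.c ran before check_config_validity(), whereas this callback is described as running after the basic checks, so the automatic ids are presumably not yet assigned while the configuration is validated. If anything on that validation path resolves a ticket-key reference through tlskeys_ref_lookupid(), that should be confirmed before relying on the new order.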
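Review bot: The registration added to __ssl_sock_init() is guarded by `SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0`, while the `#endif` comment that closes the definition (visible in the -618 hunk) names only `SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB`; the opening `#if` is outside the diff. Now that tlskeys_finalize_config() is `static`, any build where the definition is compiled but this registration is not would leave an unused static function and trigger -Wunused-function. It is worth checking that both guards use the same expression and updating the closing comment to spell it out, e.g. `#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0 */`. __ssl_sock_init() starts and ends outside the hunk.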