From: Willy Tarreau
Date: Fri, 16 Dec 2016 17:47:27 +0000 (+0100)
Subject: MINOR: appctx/cli: remove the "tlskeys" entry from the appctx union
X-Git-Tag: v1.8-dev1~256
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f5f26e824a45c28110ad7e84306565fbf3df5e84;p=thirdparty%2Fhaproxy.git
MINOR: appctx/cli: remove the "tlskeys" entry from the appctx union
This one now migrates to the general purpose cli.p0 for the ref pointer, cli.i0 for the dump_all flag and cli.i1 for the dump_keys_index. A few comments were added. The applet.h file doesn't depend on openssl anymore. It's worth noting that the previous dependency was accidental and only used to work because all files including this one used to have openssl included prior to loading this file.
---
diff --git a/include/types/applet.h b/include/types/applet.h
index fbfc83fa7f..759b905b3f 100644
--- a/include/types/applet.h
+++ b/include/types/applet.h
@@ -142,13 +142,6 @@ struct appctx {
 struct pattern_expr *expr;
 struct chunk chunk;
 } map;
-#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
- struct {
- int dump_all;
- int dump_keys_index;
- struct tls_keys_ref *ref;
- } tlskeys;
-#endif
 struct {
 struct hlua *hlua;
 struct task *task;
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 0a06adbbe7..9628c5d4d2 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6037,6 +6037,9 @@ static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
 return cli_io_handler_tlskeys_files(appctx);
 }
+/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
+ * (next index to be dumped), and cli.p0 (next key reference).
+ */
 static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
 struct stream_interface *si = appctx->owner;
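Review bot: The new header comment misdescribes cli.i0: "non-null = only list file names" does not match how the handler uses it, since the -6113 hunk breaks out of the reference loop on `if (appctx->ctx.cli.i0 == 0)` ("don't display everything if not necessary"), and cli_parse_show_tlskeys sets i0 to 1 both for the no-argument case and for `*`, the latter being the full key dump. Whether only file names are printed is decided by which io_handler is installed, not by i0, so the comment should read `/* dumps all tls keys. Relies on cli.i0 (non-null = walk every tls_keys_ref instead of only cli.p0), cli.i1 (next index to be dumped), and cli.p0 (next key reference). */`. The same correction applies to the comment added in the -6133 hunk, which could become `/* sets cli.i0 to non-zero when every tls_keys_ref must be dumped (no argument, or '*') */`. The body of cli_io_handler_tlskeys_files continues beyond this hunk.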
@@ -6059,40 +6062,40 @@ static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
 return 0;
 }
- appctx->ctx.tlskeys.dump_keys_index = 0;
-
 /* Now, we start the browsing of the references lists.
 * Note that the following call to LIST_ELEM return bad pointer. The only
 * available field of this pointer is . It is used with the function
 * tlskeys_list_get_next() for retruning the first available entry */
- if (appctx->ctx.tlskeys.ref == NULL) {
- appctx->ctx.tlskeys.ref = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
- appctx->ctx.tlskeys.ref = tlskeys_list_get_next(appctx->ctx.tlskeys.ref, &tlskeys_reference);
+ if (appctx->ctx.cli.p0 == NULL) {
+ appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
+ appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
 }
 appctx->st2 = STAT_ST_LIST;
 /* fall through */
 case STAT_ST_LIST:
- while (appctx->ctx.tlskeys.ref) {
- int head = appctx->ctx.tlskeys.ref->tls_ticket_enc_index;
+ while (appctx->ctx.cli.p0) {
+ struct tls_keys_ref *ref = appctx->ctx.cli.p0;
+ int head = ref->tls_ticket_enc_index;
 chunk_reset(&trash);
- if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.tlskeys.dump_keys_index == 0)
+ if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
 chunk_appendf(&trash, "# ");
- if (appctx->ctx.tlskeys.dump_keys_index == 0)
- chunk_appendf(&trash, "%d (%s)\n", appctx->ctx.tlskeys.ref->unique_id,
- appctx->ctx.tlskeys.ref->filename);
+
+ if (appctx->ctx.cli.i1 == 0)
+ chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
+
 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
- while (appctx->ctx.tlskeys.dump_keys_index < TLS_TICKETS_NO) {
+ while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
 struct chunk *t2 = get_trash_chunk();
 chunk_reset(t2);
 /* should never fail here because we dump only a key in the t2 buffer */
- t2->len = a2base64((char *)(appctx->ctx.tlskeys.ref->tlskeys + 
(head + 2 + appctx->ctx.tlskeys.dump_keys_index) % TLS_TICKETS_NO),
+ t2->len = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
 sizeof(struct tls_sess_key), t2->str, t2->size);
- chunk_appendf(&trash, "%d.%d %s\n", appctx->ctx.tlskeys.ref->unique_id, appctx->ctx.tlskeys.dump_keys_index, t2->str);
+ chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1, t2->str);
 if (bi_putchk(si_ic(si), &trash) == -1) {
 /* let's try again later from this stream. We add ourselves into
@@ -6101,9 +6104,9 @@ static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
 si_applet_cant_put(si);
 return 0;
 }
- appctx->ctx.tlskeys.dump_keys_index++;
+ appctx->ctx.cli.i1++;
 }
- appctx->ctx.tlskeys.dump_keys_index = 0;
+ appctx->ctx.cli.i1 = 0;
 }
 if (bi_putchk(si_ic(si), &trash) == -1) {
 /* let's try again later from this stream. We add ourselves into
@@ -6113,12 +6116,11 @@ static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
 return 0;
 }
- if (appctx->ctx.tlskeys.dump_all == 0) /* don't display everything if not necessary */
+ if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
 break;
 /* get next list entry and check the end of the list */
- appctx->ctx.tlskeys.ref = tlskeys_list_get_next(appctx->ctx.tlskeys.ref, &tlskeys_reference);
-
+ appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
 }
 appctx->st2 = STAT_ST_FIN;
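Review bot: Dropping `appctx->ctx.tlskeys.dump_keys_index = 0;` from STAT_ST_INIT at the top of this hunk leaves nothing that resets cli.i1 before the first dump, and the -6133 hunk likewise drops `dump_all = 0` at parser entry and `ref = NULL` in the `*` branch, so the new code assumes cli.i0, cli.i1 and cli.p0 are all zero when cli_parse_show_tlskeys runs. If the CLI zeroes ctx.cli before dispatching each command that assumption holds, but if ctx.cli survives across commands on the same connection a stale i1 would start the key dump mid-slot and skip the "# id (file)" header, and a stale p0 would turn `show tls-keys *` into a dump starting from whatever reference the previous command left behind. Unless that reset is guaranteed elsewhere, restoring the explicit initialisations is cheap: `appctx->ctx.cli.i1 = 0;` in STAT_ST_INIT, and `appctx->ctx.cli.i0 = 0;` and `appctx->ctx.cli.p0 = NULL;` in the parser. The handler's switch begins before and ends after this hunk.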
@@ -6133,23 +6135,22 @@ static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
 #endif
+/* sets cli.i0 to non-zero if only file lists should be dumped */
 static int cli_parse_show_tlskeys(char **args, struct appctx *appctx, void *private) {
- appctx->ctx.tlskeys.dump_all = 0;
 /* no parameter, shows only file list */
 if (!*args[2]) {
- appctx->ctx.tlskeys.dump_all = 1;
+ appctx->ctx.cli.i0 = 1;
 appctx->io_handler = cli_io_handler_tlskeys_files;
 return 0;
 }
 if (args[2][0] == '*') {
 /* list every TLS ticket keys */
- appctx->ctx.tlskeys.ref = NULL;
- appctx->ctx.tlskeys.dump_all = 1;
+ appctx->ctx.cli.i0 = 1;
 } else {
- appctx->ctx.tlskeys.ref = tlskeys_ref_lookup_ref(args[2]);
- if (!appctx->ctx.tlskeys.ref) {
+ appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
+ if (!appctx->ctx.cli.p0) {
 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
 appctx->st0 = CLI_ST_PRINT;
 return 1;
@@ -6162,6 +6163,8 @@ static int cli_parse_show_tlskeys(char **args, struct appctx *appctx, void *priv
 static int cli_parse_set_tlskeys(char **args, struct appctx *appctx, void *private) {
+ struct tls_keys_ref *ref;
+
 /* Expect two parameters: the filename and the new new TLS key in encoding */
 if (!*args[3] || !*args[4]) {
 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
@@ -6169,8 +6172,8 @@ static int cli_parse_set_tlskeys(char **args, struct appctx *appctx, void *priva
 return 1;
 }
- appctx->ctx.tlskeys.ref = tlskeys_ref_lookup_ref(args[3]);
- if(!appctx->ctx.tlskeys.ref) {
+ ref = tlskeys_ref_lookup_ref(args[3]);
+ if (!ref) {
 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
 appctx->st0 = CLI_ST_PRINT;
 return 1;
@@ -6183,8 +6186,8 @@ static int cli_parse_set_tlskeys(char **args, struct appctx *appctx, void *priva
 return 1;
 }
- memcpy(appctx->ctx.tlskeys.ref->tlskeys + ((appctx->ctx.tlskeys.ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO), trash.str, trash.len);
- appctx->ctx.tlskeys.ref->tls_ticket_enc_index = (appctx->ctx.tlskeys.ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
+ memcpy(ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO), trash.str, trash.len);
+ ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
 appctx->ctx.cli.msg = "TLS ticket key updated!";
 appctx->st0 = CLI_ST_PRINT;
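Review bot: After the rewritten `memcpy(ref->tlskeys + ..., trash.str, trash.len);` the decoded ticket key stays in the shared `trash` buffer until some later caller happens to overwrite it, and since this is live key material it would be cleaner to wipe it as soon as the copy is done, e.g. `memset(trash.str, 0, trash.len);` right after the memcpy (trash is a global, so the store is not a dead one the compiler can elide). The base64 form also remains in the command buffer behind `args[4]`, which the parser does not own and cannot easily clear. The length check that bounds this memcpy against the key slot sits above the hunk and is not visible here, so this note assumes it rejects any `trash.len` other than the slot size.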