git.ipfire.org Git - thirdparty/haproxy.git/commit

author	William Lallemand <wlallemand@haproxy.com>
	Thu, 2 May 2024 15:46:06 +0000 (17:46 +0200)
committer	William Lallemand <wlallemand@haproxy.com>
	Fri, 17 May 2024 15:35:51 +0000 (17:35 +0200)
commit	58103bc8e60a22d3d7dafade708115dfb7d8e135
tree	efc6c421e61a884e012cbf9e35bed2a0983f66c6	tree \| snapshot
parent	1bc6e990f2dae7e573a193e96ccb84f16ca854d7	commit \| diff

MINOR: ssl: ckch_conf_cmp() compare multiple ckch_conf structures

The ckch_conf_cmp() function allow to compare multiple ckch_conf
structures in order to check that multiple usage of the same crt in the
configuration uses the same ckch_conf definition.

A crt-list allows to use "crt-store" keywords that defines a ckch_store,
that can lead to inconsistencies when a crt is called multiple time with
different parameters.

This function compare and dump a list of differences in the err variable
to be output as error.

The variant ckch_conf_cmp_empty() compares the ckch_conf structure to an
empty one, which is useful for bind lines, that are not able to have
crt-store keywords.

These functions are used when a crt-store is already inialized and we
need to verify if the parameters are compatible.

ckch_conf_cmp() handles multiple cases:

- When the previous ckch_conf was declared with CKCH_CONF_SET_EMPTY, we
  can't define any new keyword in the next initialisation
- When the previous ckch_conf was declared with keywords in a crtlist
  (CKCH_CONF_SET_CRTLIST), the next initialisation must have the exact
  same keywords.
- When the previous ckch_conf was declared in a "crt-store"
  (CKCH_CONF_SET_CRTSTORE), the next initialisaton could use no keyword
  at all or the exact same keywords.

include/haproxy/ssl_ckch-t.h		diff \| blob \| blame \| history
include/haproxy/ssl_ckch.h		diff \| blob \| blame \| history
src/ssl_ckch.c		diff \| blob \| blame \| history
src/ssl_crtlist.c		diff \| blob \| blame \| history
src/ssl_sock.c		diff \| blob \| blame \| history