* maxconn setting to the global.maxsock value so that its resources are reserved.
*/
+/* flags used with bind_conf->options */
+#define BC_O_USE_SSL 0x00000001 /* SSL is being used on this bind_conf */
+
+
/* flags used with bind_conf->ssl_options */
#ifdef USE_OPENSSL
#define BC_SSL_O_NONE 0x0000
const struct mux_proto_list *mux_proto; /* the mux to use for all incoming connections (specified by the "proto" keyword) */
struct xprt_ops *xprt; /* transport-layer operations for all listeners */
uint options; /* set of BC_O_* flags */
- int is_ssl; /* SSL is required for these listeners */
int generate_certs; /* 1 if generate-certificates option is set, else 0 */
int level; /* stats access level (ACCESS_LVL_*) */
int severity_output; /* default severity output format in cli feedback messages */
/* Do not change the xprt for QUIC. */
if (conf->xprt != xprt_get(XPRT_QUIC))
conf->xprt = &ssl_sock;
- conf->is_ssl = 1;
+ conf->options |= BC_O_USE_SSL;
if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
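Review bot: The new `conf->options |= BC_O_USE_SSL;` sits directly under an unbraced `if (conf->xprt != xprt_get(XPRT_QUIC))`, so only the `conf->xprt = &ssl_sock;` assignment is conditional and the flag is set for QUIC binds as well. That appears intended, since the removed `conf->is_ssl = 1;` was in the same position, but the only comment here talks about the xprt. I would brace the `if` or add `/* BC_O_USE_SSL is set for QUIC too; only the xprt is left alone */` above the new line. The flag now gates the SSL rate limit and the release of unused SSL configs in the other hunks, so whether QUIC binds are meant to be covered is worth stating explicitly. The enclosing function starts and ends outside this hunk.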
/* smart accept mode is automatic in HTTP mode */
if ((curproxy->options2 & PR_O2_SMARTACC) ||
- ((curproxy->mode == PR_MODE_HTTP || listener->bind_conf->is_ssl) &&
+ ((curproxy->mode == PR_MODE_HTTP || (listener->bind_conf->options & BC_O_USE_SSL)) &&
!(curproxy->no_options2 & PR_O2_SMARTACC)))
listener->options |= LI_O_NOQUICKACK;
}
/* Release unused SSL configs */
list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
- if (!bind_conf->is_ssl && bind_conf->xprt->destroy_bind_conf)
+ if (!(bind_conf->options & BC_O_USE_SSL) && bind_conf->xprt->destroy_bind_conf)
bind_conf->xprt->destroy_bind_conf(bind_conf);
}
struct session *sess = conn->owner;
struct listener *li = sess->listener;
- if (li->bind_conf && li->bind_conf->is_ssl) {
+ if (li->bind_conf && li->bind_conf->options & BC_O_USE_SSL) {
ctx_alpn_str = li->bind_conf->ssl_conf.alpn_str;
ctx_alpn_len = li->bind_conf->ssl_conf.alpn_len;
}
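Review bot: The test `li->bind_conf && li->bind_conf->options & BC_O_USE_SSL` relies on `&` binding tighter than `&&`; it evaluates as intended, but the other converted tests in this commit (`(listener->bind_conf->options & BC_O_USE_SSL)`, `!(bind_conf->options & BC_O_USE_SSL)`) parenthesize the mask. The same unparenthesized form is repeated in the three following hunks (the sps/ssl counter update and both `USE_OPENSSL` rate-limit checks). I would write `if (li->bind_conf && (li->bind_conf->options & BC_O_USE_SSL)) {` in all four places so a later edit that adds a comparison such as `== 0` does not silently change the meaning. The enclosing function starts and ends outside this hunk.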
if (!(li->options & LI_O_UNLIMITED)) {
HA_ATOMIC_UPDATE_MAX(&global.sps_max,
update_freq_ctr(&global.sess_per_sec, 1));
- if (li->bind_conf && li->bind_conf->is_ssl) {
+ if (li->bind_conf && li->bind_conf->options & BC_O_USE_SSL) {
HA_ATOMIC_UPDATE_MAX(&global.ssl_max,
update_freq_ctr(&global.ssl_per_sec, 1));
}
max_accept = max;
}
#ifdef USE_OPENSSL
- if (!(l->options & LI_O_UNLIMITED) && global.ssl_lim && l->bind_conf && l->bind_conf->is_ssl) {
+ if (!(l->options & LI_O_UNLIMITED) && global.ssl_lim &&
+ l->bind_conf && l->bind_conf->options & BC_O_USE_SSL) {
int max = freq_ctr_remain(&global.ssl_per_sec, global.ssl_lim, 0);
if (unlikely(!max)) {
HA_ATOMIC_UPDATE_MAX(&global.sps_max, count);
}
#ifdef USE_OPENSSL
- if (!(l->options & LI_O_UNLIMITED) && l->bind_conf && l->bind_conf->is_ssl) {
+ if (!(l->options & LI_O_UNLIMITED) &&
+ l->bind_conf && l->bind_conf->options & BC_O_USE_SSL) {
count = update_freq_ctr(&global.ssl_per_sec, 1);
HA_ATOMIC_UPDATE_MAX(&global.ssl_max, count);
}
int alloc_ctx;
int err;
- if (!bind_conf->is_ssl) {
+ if (!(bind_conf->options & BC_O_USE_SSL)) {
if (bind_conf->default_ctx) {
ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
px->id, bind_conf->arg, bind_conf->file, bind_conf->line);