CLEANUP: ssl/cli: use the list of filters in the crtlist_entry
authorWilliam Lallemand <wlallemand@haproxy.com>
Wed, 8 Apr 2020 14:29:15 +0000 (16:29 +0200)
committerWilliam Lallemand <wlallemand@haproxy.org>
Wed, 8 Apr 2020 14:52:51 +0000 (16:52 +0200)
In 'commit ssl cert', instead of trying to regenerate a list of filters
from the SNIs, use the list provided by the crtlist_entry used to
generate the ckch_inst.

This list of filters doesn't need to be freed anymore since it is
always reused from the crtlist_entry.

include/types/ssl_sock.h
src/ssl_sock.c

index dd286bb2614aac3972aaeabb747b7f255cde71e8..28be81654b4ebb36f860e9338690764a74162cc5 100644 (file)
@@ -139,7 +139,7 @@ struct ckch_inst {
        struct bind_conf *bind_conf; /* pointer to the bind_conf that uses this ckch_inst */
        struct ssl_bind_conf *ssl_conf; /* pointer to the ssl_conf which is used by every sni_ctx of this inst */
        struct ckch_store *ckch_store; /* pointer to the store used to generate this inst */
-       unsigned int filters:1; /* using sni filters ? */
+       struct crtlist_entry *crtlist_entry; /* pointer to the crtlist_entry used, or NULL */
        unsigned int is_default:1;      /* This instance is used as the default ctx for this bind_conf */
        /* space for more flag there */
        struct list sni_ctx; /* list of sni_ctx using this ckch_inst */
index bd3fb34e9d409e174d1184ae25618863d47840ae..58776eec365c10af0d102bf1e85071cd07c7aaaf 100644 (file)
@@ -3904,84 +3904,6 @@ end:
        return NULL;
 }
 
-
-/*
- * Free a sni filters array generated by ckch_inst_sni_ctx_to_sni_filters()
- */
-static inline void free_sni_filters(char **sni_filter, int fcount)
-{
-       int i;
-
-       if (sni_filter) {
-               for (i = 0; i < fcount; i++) {
-                       if (sni_filter[i]) {
-                               free(sni_filter[i]);
-                               sni_filter[i] = NULL;
-                       }
-               }
-               free(sni_filter);
-       }
-}
-
-/*
- * Fill <*sni_filter> with an allocated array of ptr to the existing filters,
- * The caller should free <*sni_filter>.
- * Fill <*fcount> with the number of filters
- * Return an ERR_* code.
- */
-static int ckch_inst_sni_ctx_to_sni_filters(const struct ckch_inst *ckchi, char ***sni_filter, int *fcount, char **err)
-{
-       struct sni_ctx *sc0;
-       int errcode = 0;
-       int i = 0;
-       char **tmp_filter;
-       int tmp_fcount = 0;
-
-       list_for_each_entry(sc0, &ckchi->sni_ctx, by_ckch_inst) {
-               tmp_fcount++;
-       }
-
-       if (!tmp_fcount)
-               goto end;
-
-       tmp_filter = calloc(tmp_fcount, sizeof(*tmp_filter));
-       if (!tmp_filter) {
-               errcode |= ERR_FATAL|ERR_ALERT;
-               goto error;
-       }
-
-       list_for_each_entry(sc0, &ckchi->sni_ctx, by_ckch_inst) {
-               size_t len = strlen((char *)sc0->name.key);
-
-               /* we need to alloc and copy to insert a '!' or/and a '*' */
-               tmp_filter[i] = calloc(1, len + sc0->neg + sc0->wild + 1);
-               if (!tmp_filter[i]) {
-                       errcode |= ERR_FATAL|ERR_ALERT;
-                       goto error;
-               }
-
-               if (sc0->neg)
-                       *tmp_filter[i] = '!';
-               if (sc0->wild)
-                       *(tmp_filter[i] + sc0->neg) = '*';
-
-               memcpy(tmp_filter[i] + sc0->neg + sc0->wild, (char *)sc0->name.key, len + 1);
-               i++;
-       }
-       *sni_filter = tmp_filter;
-end:
-       *fcount = tmp_fcount;
-
-       return errcode;
-error:
-       memprintf(err, "%sUnable to generate filters!",
-                 err && *err ? *err : "");
-       free_sni_filters(tmp_filter, tmp_fcount);
-
-       return errcode;
-}
-
-
 #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
 
 /*
@@ -4197,7 +4119,6 @@ static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *c
        ckch_inst->bind_conf = bind_conf;
        ckch_inst->ssl_conf = ssl_conf;
        ckch_inst->ckch_store = ckchs;
-       ckch_inst->filters = !!fcount;
 
 end:
 
@@ -4396,7 +4317,6 @@ static int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs,
        ckch_inst->bind_conf = bind_conf;
        ckch_inst->ssl_conf = ssl_conf;
        ckch_inst->ckch_store = ckchs;
-       ckch_inst->filters = !!fcount;
 
        SSL_CTX_free(ctx); /* we need to free the ctx since we incremented the refcount where it's used */
 
@@ -5041,6 +4961,7 @@ int ssl_sock_load_cert_list_file(char *file, int dir, struct bind_conf *bind_con
                        goto error;
                }
                LIST_ADDQ(&entry->ckch_inst, &ckch_inst->by_crtlist_entry);
+               ckch_inst->crtlist_entry = entry;
        }
 
        /* add the bind_conf to the list */
@@ -12049,10 +11970,10 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
                                                appctx->ctx.ssl.next_ckchi = ckchi;
                                                goto yield;
                                        }
-                                       if (ckchi->filters) {
-                                               errcode |= ckch_inst_sni_ctx_to_sni_filters(ckchi, &sni_filter, &fcount, &err);
-                                               if (errcode & ERR_CODE)
-                                                       goto error;
+
+                                       if (ckchi->crtlist_entry) {
+                                               sni_filter = ckchi->crtlist_entry->filters;
+                                               fcount = ckchi->crtlist_entry->fcount;
                                        }
 
                                        if (new_ckchs->multi)
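Review bot: With the `sni_filter = NULL;` reset of the old code dropped, the new `if (ckchi->crtlist_entry)` block leaves `sni_filter` and `fcount` untouched for an instance that has no crtlist_entry, so if this runs over several instances in turn (the `next_ckchi` yield path suggests it does) an instance without filters would be reloaded with the filter list of the previous one; both variables are declared outside the hunk, so whether they are reinitialized per iteration cannot be confirmed from here. An explicit else branch removes the doubt: `} else { sni_filter = NULL; fcount = 0; }`. The ckch_inst_new_load_multi_store and ckch_inst_new_load_store hunks show those functions setting bind_conf, ssl_conf and ckch_store but not crtlist_entry, and nothing visible copies it to new_inst, so after a commit the replacement instance would appear filter-less on the next commit unless this is done elsewhere. cli_io_handler_commit_cert starts and ends outside the hunk.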
@@ -12060,9 +11981,6 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
                                        else
                                                errcode |= ckch_inst_new_load_store(new_ckchs->path, new_ckchs, ckchi->bind_conf, ckchi->ssl_conf, sni_filter, fcount, &new_inst, &err);
 
-                                       free_sni_filters(sni_filter, fcount);
-                                       sni_filter = NULL;
-
                                        if (errcode & ERR_CODE)
                                                goto error;