From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 1 Apr 2020 15:42:47 +0000 (+0200)
Subject: MINOR: ssl: add a comment above the ssl_bind_conf keywords
X-Git-Tag: v2.2-dev6~50
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=557823f847e4e7651f123ba0665d79bd3adf9fc0;p=thirdparty%2Fhaproxy.git

MINOR: ssl: add a comment above the ssl_bind_conf keywords

Add a warning above the ssl_bind_conf keywords list so developers check
if their keywords are relevant for the list.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 17d793998d..7be6d1ccf9 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -12716,6 +12716,9 @@ INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
  * the config parser can report an appropriate error when a known keyword was
  * not enabled.
  */
+
+/* the <ssl_bind_kws> keywords are used for crt-list parsing, they *MUST* be safe
+ * with their proxy argument NULL and must only fill the ssl_bind_conf */
 static struct ssl_bind_kw ssl_bind_kws[] = {
 	{ "allow-0rtt",            ssl_bind_parse_allow_0rtt,       0 }, /* allow 0-RTT */
 	{ "alpn",                  ssl_bind_parse_alpn,             1 }, /* set ALPN supported protocols */