From: Emeric Brun Date: Tue, 29 Apr 2014 15:42:41 +0000 (+0200) Subject: MINOR: ssl: clean unused ACLs declarations X-Git-Tag: v1.5-dev25~46 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5bd99b4bd698d25715c0804f4cda5ce480fe2323;p=thirdparty%2Fhaproxy.git MINOR: ssl: clean unused ACLs declarations Now those ACLs are automatically created from pattern fetch declare. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 186be3ed16..ac004e7eaf 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -10309,33 +10309,21 @@ ssl_c_i_dn([[,]]) : string For instance, "ssl_c_i_dn(OU,2)" the second organization unit, and "ssl_c_i_dn(CN)" retrieves the common name. - ACL derivatives : - ssl_c_i_dn([[,]]) : exact string match - ssl_c_key_alg : string Returns the name of the algorithm used to generate the key of the certificate presented by the client when the incoming connection was made over an SSL/TLS transport layer. - ACL derivatives : - ssl_c_key_alg : exact string match - ssl_c_notafter : string Returns the end date presented by the client as a formatted string YYMMDDhhmmss[Z] when the incoming connection was made over an SSL/TLS transport layer. - ACL derivatives : - ssl_c_notafter : exact string match - ssl_c_notbefore : string Returns the start date presented by the client as a formatted string YYMMDDhhmmss[Z] when the incoming connection was made over an SSL/TLS transport layer. - ACL derivatives : - ssl_c_notbefore : exact string match - ssl_c_s_dn([[,]]) : string When the incoming connection was made over an SSL/TLS transport layer, returns the full distinguished name of the subject of the certificate 
@@ -10346,17 +10334,11 @@ ssl_c_s_dn([[,]]) : string For instance, "ssl_c_s_dn(OU,2)" the second organization unit, and "ssl_c_s_dn(CN)" retrieves the common name. - ACL derivatives : - ssl_c_s_dn([[,]]) : exact string match - ssl_c_serial : binary Returns the serial of the certificate presented by the client when the incoming connection was made over an SSL/TLS transport layer. When used for an ACL, the value(s) to match against can be passed in hexadecimal form. - ACL derivatives : - ssl_c_serial : hex block match - ssl_c_sha1 : binary Returns the SHA-1 fingerprint of the certificate presented by the client when the incoming connection was made over an SSL/TLS transport layer. This can be @@ -10367,9 +10349,6 @@ ssl_c_sig_alg : string the client when the incoming connection was made over an SSL/TLS transport layer. - ACL derivatives : - ssl_c_sig_alg : exact string match - ssl_c_used : boolean Returns true if current SSL session uses a client certificate even if current connection uses SSL session resumption. See also "ssl_fc_has_crt". 
@@ -10394,33 +10373,21 @@ ssl_f_i_dn([[,]]) : string For instance, "ssl_f_i_dn(OU,2)" the second organization unit, and "ssl_f_i_dn(CN)" retrieves the common name. - ACL derivatives : - ssl_f_i_dn([[,]]) : exact string match - ssl_f_key_alg : string Returns the name of the algorithm used to generate the key of the certificate presented by the frontend when the incoming connection was made over an SSL/TLS transport layer. - ACL derivatives : - ssl_f_key_alg : exact string match - ssl_f_notafter : string Returns the end date presented by the frontend as a formatted string YYMMDDhhmmss[Z] when the incoming connection was made over an SSL/TLS transport layer. - ACL derivatives : - ssl_f_notafter : exact string match - ssl_f_notbefore : string Returns the start date presented by the frontend as a formatted string YYMMDDhhmmss[Z] when the incoming connection was made over an SSL/TLS transport layer. - ACL derivatives : - ssl_f_notbefore : exact string match - ssl_f_s_dn([[,]]) : string When the incoming connection was made over an SSL/TLS transport layer, returns the full distinguished name of the subject of the certificate 
@@ -10431,25 +10398,16 @@ ssl_f_s_dn([[,]]) : string For instance, "ssl_f_s_dn(OU,2)" the second organization unit, and "ssl_f_s_dn(CN)" retrieves the common name. - ACL derivatives : - ssl_f_s_dn([[,]]) : exact string match - ssl_f_serial : binary Returns the serial of the certificate presented by the frontend when the incoming connection was made over an SSL/TLS transport layer. When used for an ACL, the value(s) to match against can be passed in hexadecimal form. - ACL derivatives : - ssl_f_serial : hex block match - ssl_f_sig_alg : string Returns the name of the algorithm used to sign the certificate presented by the frontend when the incoming connection was made over an SSL/TLS transport layer. - ACL derivatives : - ssl_f_sig_alg : exact string match - ssl_f_version : integer Returns the version of the certificate presented by the frontend when the incoming connection was made over an SSL/TLS transport layer. @@ -10481,16 +10439,10 @@ ssl_fc_alpn : string list, any other one may be requested. The TLS ALPN extension is meant to replace the TLS NPN extension. See also "ssl_fc_npn". - ACL derivatives : - ssl_fc_alpn : exact string match - ssl_fc_cipher : string Returns the name of the used cipher when the incoming connection was made over an SSL/TLS transport layer. - ACL derivatives : - ssl_fc_cipher : exact string match - ssl_fc_has_crt : boolean Returns true if a client certificate is present in an incoming connection over SSL/TLS transport layer. Useful if 'verify' statement is set to 'optional'. 
@@ -10516,16 +10468,10 @@ ssl_fc_npn : string forces the client to pick a protocol from this list, any other one may be requested. Please note that the TLS NPN extension was replaced with ALPN. - ACL derivatives : - ssl_fc_npn : exact string match - ssl_fc_protocol : string Returns the name of the used protocol when the incoming connection was made over an SSL/TLS transport layer. - ACL derivatives : - ssl_fc_protocol : exact string match - ssl_fc_unique_id : string When the incoming connection was made over an SSL/TLS transport layer, returns a base64 encoded string containing the TLS unique ID as defined @@ -10551,7 +10497,6 @@ ssl_fc_sni : string enabled (check haproxy -vv). ACL derivatives : - ssl_fc_sni : exact string match ssl_fc_sni_end : suffix match ssl_fc_sni_reg : regex match diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 473c3c93c0..6acc93488c 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c 
@@ -3674,29 +3674,6 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
 * Please take care of keeping this list alphabetically sorted.
 */
 static struct acl_kw_list acl_kws = {ILH, {
- { "ssl_c_i_dn", NULL, PAT_MATCH_STR },
- { "ssl_c_key_alg", NULL, PAT_MATCH_STR },
- { "ssl_c_notafter", NULL, PAT_MATCH_STR },
- { "ssl_c_notbefore", NULL, PAT_MATCH_STR },
- { "ssl_c_sig_alg", NULL, PAT_MATCH_STR },
- { "ssl_c_s_dn", NULL, PAT_MATCH_STR },
- { "ssl_c_serial", NULL, PAT_MATCH_BIN },
- { "ssl_f_i_dn", NULL, PAT_MATCH_STR },
- { "ssl_f_key_alg", NULL, PAT_MATCH_STR },
- { "ssl_f_notafter", NULL, PAT_MATCH_STR },
- { "ssl_f_notbefore", NULL, PAT_MATCH_STR },
- { "ssl_f_sig_alg", NULL, PAT_MATCH_STR },
- { "ssl_f_s_dn", NULL, PAT_MATCH_STR },
- { "ssl_f_serial", NULL, PAT_MATCH_BIN },
- { "ssl_fc_cipher", NULL, PAT_MATCH_STR },
-#ifdef OPENSSL_NPN_NEGOTIATED
- { "ssl_fc_npn", NULL, PAT_MATCH_STR },
-#endif
-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
- { "ssl_fc_alpn", NULL, PAT_MATCH_STR },
-#endif
- { "ssl_fc_protocol", NULL, PAT_MATCH_STR },
- { "ssl_fc_sni", "ssl_fc_sni", PAT_MATCH_STR },
 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
 { /* END */ },