git.ipfire.org Git - thirdparty/haproxy.git/commit

author	William Lallemand <wlallemand@haproxy.com>
	Fri, 6 Mar 2020 20:54:13 +0000 (21:54 +0100)
committer	William Lallemand <wlallemand@haproxy.org>
	Mon, 16 Mar 2020 15:18:49 +0000 (16:18 +0100)
commit	2954c478ebab019b814b97cbaec4653af7f03f34
tree	e4de9fd32ac86fc496623eb1789982b8cdd4ec91	tree
parent	24bde43eab0db67482b3cd1769b8d3cb48e37a24	commit \| diff

MEDIUM: ssl: allow crt-list caching

The crtlist structure defines a crt-list in the HAProxy configuration.
It contains crtlist_entry structures which are the lines in a crt-list
file.

crt-list are now loaded in memory using crtlist and crtlist_entry
structures. The file is read only once. The generation algorithm changed
a little bit, new ckch instances are generated from the crtlist
structures, instead of being generated during the file loading.

The loading function was split in two, one that loads and caches the
crt-list and certificates, and one that looks for a crt-list and creates
the ckch instances.

Filters are also stored in crtlist_entry->filters as a char ** so we can
generate the sni_ctx again if needed. I won't be needed anymore to parse
the sni_ctx to do that.

A crtlist_entry stores the list of all ckch_inst that were generated
from this entry.

include/types/ssl_sock.h		diff \| blob \| blame \| history
src/ssl_sock.c		diff \| blob \| blame \| history