From 2071a99dfed31f2c776fa633d128c297c8ad2396 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Fri, 20 May 2022 17:14:31 +0200 Subject: [PATCH] MINOR: listener/ssl: set the SSL xprt layer only once the whole config is known We used to preset XPRT_SSL on bind_conf->xprt when parsing the "ssl" keyword, which required to be careful about what QUIC could have set before, and which makes it impossible to consider the whole line to set all options. Now that we have the BC_O_USE_SSL option on the bind_conf, it becomes easier to set XPRT_SSL only once the bind_conf's args are parsed. --- src/cfgparse-ssl.c | 3 --- src/listener.c | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c index fad0828f2e..6abcd38ebb 100644 --- a/src/cfgparse-ssl.c +++ b/src/cfgparse-ssl.c @@ -1115,9 +1115,6 @@ static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bi /* parse the "ssl" bind keyword */ static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err) { - /* Do not change the xprt for QUIC. */ - if (conf->xprt != xprt_get(XPRT_QUIC)) - conf->xprt = &ssl_sock; conf->options |= BC_O_USE_SSL; if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers) diff --git a/src/listener.c b/src/listener.c index 3efe6c1c83..929c2387aa 100644 --- a/src/listener.c +++ b/src/listener.c @@ -1656,6 +1656,9 @@ int bind_parse_args_list(struct bind_conf *bind_conf, char **args, int cur_arg, goto out; #endif } + else if (bind_conf->options & BC_O_USE_SSL) { + bind_conf->xprt = xprt_get(XPRT_SSL); + } out: return err_code; -- 2.39.5