From c7f29afcea63cab7dfdc9f430c67e4672ad9f782 Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Thu, 3 Apr 2025 16:12:49 +0200 Subject: [PATCH] MEDIUM: ssl: replace "crt" lines by "ssl-f-use" lines The new "crt" lines in frontend and listen sections are confusing: - a filename is mandatory but we could need a syntax without the filename in the future, if the filename is generated for example - there is no clue about the fact that its only used on the frontend side when reading the line A new "ssl-f-use" line replaces the "crt" line, but a "crt" keyword can be used on this line. "f" indicates that this is the frontend configuration, a "ssl-b-use" keyword could be used in the future. The "crt" lines only appeared in 3.2-dev so this won't change anything for people using configurations from previous major versions. --- src/cfgparse-ssl.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c index 731d61309..b78014872 100644 --- a/src/cfgparse-ssl.c +++ b/src/cfgparse-ssl.c @@ -2168,24 +2168,19 @@ struct cfg_crt_node { /* list used for inline crt-list initialization */ static struct list cur_crtlist = LIST_HEAD_INIT(cur_crtlist); /* - * Parse a "crt" line in a frontend. + * Parse a "ssl-f-use" line in a frontend. */ -static int proxy_parse_crt(char **args, int section_type, struct proxy *curpx, - const struct proxy *defpx, const char *file, int linenum, - char **err) +static int proxy_parse_ssl_f_use(char **args, int section_type, struct proxy *curpx, + const struct proxy *defpx, const char *file, int linenum, + char **err) { int cfgerr = 0; struct ssl_bind_conf *ssl_conf = NULL; struct ckch_conf *ckch_conf = NULL; struct cfg_crt_node *cfg_crt_node = NULL; - int cur_arg = 2; + int cur_arg = 1; int i; - if (!*args[1]) { - memprintf(err, "parsing [%s:%d] : '%s' : expects a certificate name", file, linenum, args[0]); - goto error; - } - cfg_crt_node = calloc(1, sizeof *cfg_crt_node); if (!cfg_crt_node) { memprintf(err, "not enough memory!"); @@ -2546,7 +2541,7 @@ static struct cfg_kw_list cfg_kws = {ILH, { { CFG_GLOBAL, "ssl-load-extra-files", ssl_parse_global_extra_files }, { CFG_GLOBAL, "ssl-load-extra-del-ext", ssl_parse_global_extra_noext }, - { CFG_LISTEN, "crt", proxy_parse_crt }, + { CFG_LISTEN, "ssl-f-use", proxy_parse_ssl_f_use }, { 0, NULL, NULL }, }}; -- 2.39.5