MEDIUM: ssl/ckch: use ckch_store instead of ckch_data for ckch_conf_kws
authorWilliam Lallemand <wlallemand@haproxy.com>
Wed, 5 Nov 2025 15:41:48 +0000 (16:41 +0100)
committerWilliam Lallemand <wlallemand@haproxy.com>
Thu, 6 Nov 2025 10:56:27 +0000 (11:56 +0100)
This is an API change, instead of passing a ckch_data alone, the
ckch_conf_kws.func() is called with a ckch_store.

This allows the callback to access the whole ckch_store, including both the
ckch_conf and the ckch_data. However, it requires the ckch_conf to have
actually been stored in the ckch_store beforehand.

include/haproxy/acme.h
include/haproxy/ssl_ckch-t.h
include/haproxy/ssl_ckch.h
include/haproxy/ssl_ocsp.h
src/acme.c
src/ssl_ckch.c
src/ssl_ocsp.c

index 6aeae028357dce0aaa8b32338d0e21c5dad4a4c9..a6a0ed810ba52965bf43d66772d533c94b22b7f9 100644 (file)
@@ -4,6 +4,6 @@
 
 #include <haproxy/ssl_ckch-t.h>
 
-int ckch_conf_acme_init(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err);
+int ckch_conf_acme_init(void *value, char *buf, struct ckch_store *s, int cli, const char *filename, int linenum, char **err);
 
 #endif
index 2c75996ef4303ce5ba266dd1f09d51899f4fc233..1c9699054e6bc69d455075cd93be86ccf7921fa8 100644 (file)
@@ -204,7 +204,7 @@ struct ckch_conf_kws {
        const char *name;
        ssize_t offset;
        enum parse_type_t type;
-       int (*func)(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err);
+       int (*func)(void *value, char *buf, struct ckch_store *s, int cli, const char *filename, int linenum, char **err);
 };
 
 extern struct ckch_conf_kws ckch_conf_kws[];
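Review bot: The `func` member of struct ckch_conf_kws has no comment describing its third argument, and the contract for that argument changes with this commit. The commit message says the callback can now reach both the ckch_conf and the ckch_data through the store, and that the conf must be placed in the store first; that belongs next to the prototype, for example `/* <s> is the store being loaded; s->conf must be filled by the caller before func() runs */`. The struct definition starts outside the hunk.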
index 843b6db00a89da8d3ba9c6c16b1534e1eb3cd017..35f1cdc535cb31d504ee5305f6397995f3ba9e2f 100644 (file)
@@ -90,10 +90,11 @@ extern int (*ssl_commit_crlfile_cb)(const char *path, X509_STORE *ctx, char **er
  *
  */
 #define DECLARE_CKCH_CONF_LOAD(name, base, callback)                                                                                           \
-static inline int ckch_conf_load_##name(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err)   \
+static inline int ckch_conf_load_##name(void *value, char *buf, struct ckch_store *s, int cli, const char *filename, int linenum, char **err)   \
 {                                                                                                                                              \
        char path[PATH_MAX];                                                                                                                   \
        int err_code = 0;                                                                                                                      \
+       struct ckch_data *d = s->data;                                                                                                         \
        if (cli)                                                                                                                               \
                return 0;                                                                                                                      \
        err_code |= path_base(value, (base), path, err);                                                                                       \
index 9beaef546e65a8f26c75a5e35c03d6f3fcbd92dd..e97dfd86b9649b5e4f5c2c1ef3bf9abe4128076c 100644 (file)
@@ -56,7 +56,7 @@ void ssl_destroy_ocsp_update_task(void);
 int ssl_ocsp_update_insert(struct certificate_ocsp *ocsp);
 int __ssl_ocsp_update_insert_unlocked(struct certificate_ocsp *ocsp);
 
-int ocsp_update_init(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err);
+int ocsp_update_init(void *value, char *buf, struct ckch_store *s, int cli, const char *filename, int linenum, char **err);
 
 #endif /* (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) */
 
index ffc8ad7ec20964b00684c410dce6a1ed7fd89ebb..9a34ab5e43bf9a76dc83f35ab91a959c066b96f4 100644 (file)
@@ -209,7 +209,7 @@ out:
 /*
  * ckch_conf acme parser
  */
-int ckch_conf_acme_init(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err)
+int ckch_conf_acme_init(void *value, char *buf, struct ckch_store *s, int cli, const char *filename, int linenum, char **err)
 {
        int err_code = 0;
        struct acme_cfg *cfg;
index e21f0797a00b794d0e8109f5d3e7ec9da3f20ad9..2d4dd07252561b994d795f6a168a2b55393e78cf 100644 (file)
@@ -4785,7 +4785,7 @@ int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, int cli, co
                                if (!v)
                                        goto next;
 
-                               rc = ckch_conf_kws[i].func(v, NULL, d, cli, file, linenum, err);
+                               rc = ckch_conf_kws[i].func(v, NULL, c, cli, file, linenum, err);
                                if (rc) {
                                        err_code |= ERR_ALERT | ERR_FATAL;
                                        memprintf(err, "%s '%s' cannot be read or parsed.", err && *err ? *err : "", v);
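Review bot: Nothing in the visible lines of ckch_store_load_files() ensures that `c->conf` holds the same values as `f` when `c` is handed to the keyword callback, here and in the PARSE_TYPE_ONOFF hunk that follows. Only crtstore_parse_load() is changed in this commit to copy `f` into `c->conf` before the call, so any other caller not shown in this diff would pass a store whose conf is still empty or stale. That matters once callbacks such as ocsp_update_init() or ckch_conf_acme_init() read settings through the store, because they would act on values that do not match the configured certificate. Consider stating the precondition above the function, e.g. `/* <c>->conf must already contain <f>: the ckch_conf_kws callbacks may read it through <c> */`, or performing the copy inside this function. The function body starts and ends outside the hunk.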
@@ -4798,7 +4798,7 @@ int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, int cli, co
                        case PARSE_TYPE_ONOFF:
                        {
                                int v = *(int *)src;
-                               rc = ckch_conf_kws[i].func(&v, NULL, d, cli, file, linenum, err);
+                               rc = ckch_conf_kws[i].func(&v, NULL, c, cli, file, linenum, err);
                                if (rc) {
                                        err_code |= ERR_ALERT | ERR_FATAL;
                                        memprintf(err, "%s '%d' cannot be read or parsed.", err && *err ? *err : "", v);
@@ -5222,13 +5222,13 @@ static int crtstore_parse_load(char **args, int section_type, struct proxy *curp
        if (!c)
                goto alloc_error;
 
+       c->conf = f;
+       c->conf.used = CKCH_CONF_SET_CRTSTORE;
+
        err_code |= ckch_store_load_files(&f, c,  0, file, linenum, err);
        if (err_code & ERR_FATAL)
                goto out;
 
-       c->conf = f;
-       c->conf.used = CKCH_CONF_SET_CRTSTORE;
-
        if (ebst_insert(&ckchs_tree, &c->node) != &c->node) {
                memprintf(err,"parsing [%s:%d] : '%s' in section 'crt-store': store '%s' was already defined.",
                         file, linenum, args[0], c->path);
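Review bot: With `c->conf = f;` moved above ckch_store_load_files(), the `goto out` taken on ERR_FATAL now leaves with `c->conf` holding a shallow copy of `f`, so any heap pointers in `f` are reachable through both objects on that path. The `out` label is outside the hunk, so it should be confirmed that those members are released exactly once there, as they already must be for the ebst_insert() failure just below. If both `f` and `c` are cleaned, keeping a single owner (for example calling `ckch_store_load_files(&c->conf, c, 0, file, linenum, err);` and treating `f` as moved-from after the copy) would rule out a double free.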
index aef6c9a85f1659aecec29a9421952799a038d291..fec67105d90281fee28ea6a7a1db020ceb6ec56b 100644 (file)
@@ -2087,7 +2087,7 @@ static int ocsp_update_parse_global_http_proxy(char **args, int section_type, st
        return 0;
 }
 
-int ocsp_update_init(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err)
+int ocsp_update_init(void *value, char *buf, struct ckch_store *s, int cli, const char *filename, int linenum, char **err)
 {
        int ocsp_update_mode = *(int *)value;
        int ret = 0;