From 846819b316b6521f4babcc28ab7dda381dda0833 Mon Sep 17 00:00:00 2001
From: Valentine Krasnobaeva
Date: Thu, 23 Jan 2025 15:58:15 +0100
Subject: [PATCH] CLEANUP: ssl: rename ssl_sock_load_ca to ssl_sock_gencert_load_ca

ssl_sock_load_ca is defined in ssl_gencert.c and compiled only if SSL_NO_GENERATE_CERTIFICATES is not defined. It's name is a bit confusing, as we may think at the first glance, that it's a generic function, which is also used to load CA file, provided via 'ca-file' keyword. ssl_set_verify_locations_file is used in this case. So let's rename ssl_sock_load_ca into ssl_sock_gencert_load_ca. Same is applied to ssl_sock_free_ca.
---
 include/haproxy/ssl_sock.h | 4 ++--
 src/ssl_gencert.c | 4 ++--
 src/ssl_sock.c | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
index bd32ef2f90..fba5353f5c 100644
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -68,8 +68,8 @@ void ssl_sock_free_srv_ctx(struct server *srv); void ssl_sock_free_all_ctx(struct bind_conf *bind_conf); int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len); -int ssl_sock_load_ca(struct bind_conf *bind_conf); -void ssl_sock_free_ca(struct bind_conf *bind_conf); +int ssl_sock_gencert_load_ca(struct bind_conf *bind_conf); +void ssl_sock_gencert_free_ca(struct bind_conf *bind_conf); int ssl_bio_and_sess_init(struct connection *conn, SSL_CTX *ssl_ctx, SSL **ssl, BIO **bio, BIO_METHOD *bio_meth, void *ctx); const char *ssl_sock_get_sni(struct connection *conn);
diff --git a/src/ssl_gencert.c b/src/ssl_gencert.c
index 44dc82c742..fb92460ffc 100644
--- a/src/ssl_gencert.c
+++ b/src/ssl_gencert.c
@@ -381,7 +381,7 @@ int ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ss /* Load CA cert file and private key used to generate certificates */ int -ssl_sock_load_ca(struct bind_conf *bind_conf) +ssl_sock_gencert_load_ca(struct bind_conf *bind_conf) { struct proxy *px = bind_conf->frontend; struct ckch_data *data = NULL;
@@ -446,7 +446,7 @@ ssl_sock_load_ca(struct bind_conf *bind_conf) /* Release CA cert and private key used to generate certificated */ void -ssl_sock_free_ca(struct bind_conf *bind_conf) +ssl_sock_gencert_free_ca(struct bind_conf *bind_conf) { if (bind_conf->ca_sign_ckch) { ssl_sock_free_cert_key_and_chain_contents(bind_conf->ca_sign_ckch);
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 5d9593a812..8e5063e5fd 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4790,7 +4790,7 @@ int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf) #ifndef SSL_NO_GENERATE_CERTIFICATES /* initialize CA variables if the certificates generation is enabled */ - err += ssl_sock_load_ca(bind_conf); + err += ssl_sock_gencert_load_ca(bind_conf); #endif return -err;
@@ -4884,7 +4884,7 @@ REGISTER_POST_DEINIT(ssl_sock_deinit);
 void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
 {
 #ifndef SSL_NO_GENERATE_CERTIFICATES
- ssl_sock_free_ca(bind_conf);
+ ssl_sock_gencert_free_ca(bind_conf);
 #endif
 ssl_sock_free_all_ctx(bind_conf);
 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
--
2.47.2