RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MINOR: listener/ssl: set the SSL xprt layer only once the whole config is known 

We used to preset XPRT_SSL on bind_conf->xprt when parsing the "ssl"
keyword, which required to be careful about what QUIC could have set
before, and which makes it impossible to consider the whole line to
set all options.

Now that we have the BC_O_USE_SSL option on the bind_conf, it becomes
easier to set XPRT_SSL only once the bind_conf's args are parsed.
This commit is contained in:
Willy Tarreau 2022-05-20 17:14:31 +02:00
parent 78d0dcd519
commit 2071a99dfe
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/cfgparse-ssl.c
View File

@ -1115,9 +1115,6 @@ static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bi
/* parse the "ssl" bind keyword */
static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
{
/* Do not change the xprt for QUIC. */
if (conf->xprt != xprt_get(XPRT_QUIC))
conf->xprt = &ssl_sock;
conf->options |= BC_O_USE_SSL;
if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)

3
src/listener.c
View File

@ -1656,6 +1656,9 @@ int bind_parse_args_list(struct bind_conf *bind_conf, char **args, int cur_arg,
goto out;
#endif
}
else if (bind_conf->options & BC_O_USE_SSL) {
bind_conf->xprt = xprt_get(XPRT_SSL);
}
out:
return err_code;