MINOR: ssl: clean unused ACLs declarations

Now those ACLs are automatically created from pattern fetch declare.

doc/configuration.txt

@@ -10309,33 +10309,21 @@ ssl_c_i_dn([<entry>[,<occ>]]) : string
   For instance, "ssl_c_i_dn(OU,2)" the second organization unit, and
   "ssl_c_i_dn(CN)" retrieves the common name.
 
-  ACL derivatives :
-    ssl_c_i_dn([<entry>[,<occ>]]) : exact string match
-
 ssl_c_key_alg : string
   Returns the name of the algorithm used to generate the key of the certificate
   presented by the client when the incoming connection was made over an SSL/TLS
   transport layer.
 
-  ACL derivatives :
-    ssl_c_key_alg : exact string match
-
 ssl_c_notafter : string
   Returns the end date presented by the client as a formatted string
   YYMMDDhhmmss[Z] when the incoming connection was made over an SSL/TLS
   transport layer.
 
-  ACL derivatives :
-    ssl_c_notafter : exact string match
-
 ssl_c_notbefore : string
   Returns the start date presented by the client as a formatted string
   YYMMDDhhmmss[Z] when the incoming connection was made over an SSL/TLS
   transport layer.
 
-  ACL derivatives :
-    ssl_c_notbefore : exact string match
-
 ssl_c_s_dn([<entry>[,<occ>]]) : string
   When the incoming connection was made over an SSL/TLS transport layer,
   returns the full distinguished name of the subject of the certificate
@@ -10346,17 +10334,11 @@ ssl_c_s_dn([<entry>[,<occ>]]) : string
   For instance, "ssl_c_s_dn(OU,2)" the second organization unit, and
   "ssl_c_s_dn(CN)" retrieves the common name.
 
-  ACL derivatives :
-    ssl_c_s_dn([<entry>[,<occ>]]) : exact string match
-
 ssl_c_serial : binary
   Returns the serial of the certificate presented by the client when the
   incoming connection was made over an SSL/TLS transport layer. When used for
   an ACL, the value(s) to match against can be passed in hexadecimal form.
 
-  ACL derivatives :
-    ssl_c_serial : hex block match
-
 ssl_c_sha1 : binary
   Returns the SHA-1 fingerprint of the certificate presented by the client when
   the incoming connection was made over an SSL/TLS transport layer. This can be
@@ -10367,9 +10349,6 @@ ssl_c_sig_alg : string
   the client when the incoming connection was made over an SSL/TLS transport
   layer.
 
-  ACL derivatives :
-    ssl_c_sig_alg : exact string match
-
 ssl_c_used : boolean
   Returns true if current SSL session uses a client certificate even if current
   connection uses SSL session resumption. See also "ssl_fc_has_crt".
@@ -10394,33 +10373,21 @@ ssl_f_i_dn([<entry>[,<occ>]]) : string
   For instance, "ssl_f_i_dn(OU,2)" the second organization unit, and
   "ssl_f_i_dn(CN)" retrieves the common name.
 
-  ACL derivatives :
-    ssl_f_i_dn([<entry>[,<occ>]]) : exact string match
-
 ssl_f_key_alg : string
   Returns the name of the algorithm used to generate the key of the certificate
   presented by the frontend when the incoming connection was made over an
   SSL/TLS transport layer.
 
-  ACL derivatives :
-    ssl_f_key_alg : exact string match
-
 ssl_f_notafter : string
   Returns the end date presented by the frontend as a formatted string
   YYMMDDhhmmss[Z] when the incoming connection was made over an SSL/TLS
   transport layer.
 
-  ACL derivatives :
-    ssl_f_notafter : exact string match
-
 ssl_f_notbefore : string
   Returns the start date presented by the frontend as a formatted string
   YYMMDDhhmmss[Z] when the incoming connection was made over an SSL/TLS
   transport layer.
 
-  ACL derivatives :
-    ssl_f_notbefore : exact string match
-
 ssl_f_s_dn([<entry>[,<occ>]]) : string
   When the incoming connection was made over an SSL/TLS transport layer,
   returns the full distinguished name of the subject of the certificate
@@ -10431,25 +10398,16 @@ ssl_f_s_dn([<entry>[,<occ>]]) : string
   For instance, "ssl_f_s_dn(OU,2)" the second organization unit, and
   "ssl_f_s_dn(CN)" retrieves the common name.
 
-  ACL derivatives :
-    ssl_f_s_dn([<entry>[,<occ>]]) : exact string match
-
 ssl_f_serial : binary
   Returns the serial of the certificate presented by the frontend when the
   incoming connection was made over an SSL/TLS transport layer. When used for
   an ACL, the value(s) to match against can be passed in hexadecimal form.
 
-  ACL derivatives :
-    ssl_f_serial : hex block match
-
 ssl_f_sig_alg : string
   Returns the name of the algorithm used to sign the certificate presented by
   the frontend when the incoming connection was made over an SSL/TLS transport
   layer.
 
-  ACL derivatives :
-    ssl_f_sig_alg : exact string match
-
 ssl_f_version : integer
   Returns the version of the certificate presented by the frontend when the
   incoming connection was made over an SSL/TLS transport layer.
@@ -10481,16 +10439,10 @@ ssl_fc_alpn : string
   list, any other one may be requested. The TLS ALPN extension is meant to
   replace the TLS NPN extension. See also "ssl_fc_npn".
 
-  ACL derivatives :
-    ssl_fc_alpn : exact string match
-
 ssl_fc_cipher : string
   Returns the name of the used cipher when the incoming connection was made
   over an SSL/TLS transport layer.
 
-  ACL derivatives :
-    ssl_fc_cipher : exact string match
-
 ssl_fc_has_crt : boolean
   Returns true if a client certificate is present in an incoming connection over
   SSL/TLS transport layer. Useful if 'verify' statement is set to 'optional'.
@@ -10516,16 +10468,10 @@ ssl_fc_npn : string
   forces the client to pick a protocol from this list, any other one may be
   requested. Please note that the TLS NPN extension was replaced with ALPN.
 
-  ACL derivatives :
-    ssl_fc_npn : exact string match
-
 ssl_fc_protocol : string
   Returns the name of the used protocol when the incoming connection was made
   over an SSL/TLS transport layer.
 
-  ACL derivatives :
-    ssl_fc_protocol : exact string match
-
 ssl_fc_unique_id : string
   When the incoming connection was made over an SSL/TLS transport layer,
   returns a base64 encoded string containing the TLS unique ID as defined
@@ -10551,7 +10497,6 @@ ssl_fc_sni : string
   enabled (check haproxy -vv).
 
   ACL derivatives :
-    ssl_fc_sni     : exact string match
     ssl_fc_sni_end : suffix match
     ssl_fc_sni_reg : regex match
 

src/ssl_sock.c

@@ -3674,29 +3674,6 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
  * Please take care of keeping this list alphabetically sorted.
  */
 static struct acl_kw_list acl_kws = {ILH, {
-	{ "ssl_c_i_dn",             NULL,         PAT_MATCH_STR },
-	{ "ssl_c_key_alg",          NULL,         PAT_MATCH_STR },
-	{ "ssl_c_notafter",         NULL,         PAT_MATCH_STR },
-	{ "ssl_c_notbefore",        NULL,         PAT_MATCH_STR },
-	{ "ssl_c_sig_alg",          NULL,         PAT_MATCH_STR },
-	{ "ssl_c_s_dn",             NULL,         PAT_MATCH_STR },
-	{ "ssl_c_serial",           NULL,         PAT_MATCH_BIN },
-	{ "ssl_f_i_dn",             NULL,         PAT_MATCH_STR },
-	{ "ssl_f_key_alg",          NULL,         PAT_MATCH_STR },
-	{ "ssl_f_notafter",         NULL,         PAT_MATCH_STR },
-	{ "ssl_f_notbefore",        NULL,         PAT_MATCH_STR },
-	{ "ssl_f_sig_alg",          NULL,         PAT_MATCH_STR },
-	{ "ssl_f_s_dn",             NULL,         PAT_MATCH_STR },
-	{ "ssl_f_serial",           NULL,         PAT_MATCH_BIN },
-	{ "ssl_fc_cipher",          NULL,         PAT_MATCH_STR },
-#ifdef OPENSSL_NPN_NEGOTIATED
-	{ "ssl_fc_npn",             NULL,         PAT_MATCH_STR },
-#endif
-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
-	{ "ssl_fc_alpn",            NULL,         PAT_MATCH_STR },
-#endif
-	{ "ssl_fc_protocol",        NULL,         PAT_MATCH_STR },
-	{ "ssl_fc_sni",             "ssl_fc_sni", PAT_MATCH_STR },
 	{ "ssl_fc_sni_end",         "ssl_fc_sni", PAT_MATCH_END },
 	{ "ssl_fc_sni_reg",         "ssl_fc_sni", PAT_MATCH_REG },
 	{ /* END */ },