MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf()

Instead of hard-coding all SSL destruction in cfgparse.c and haproxy.c,
we now register this new function as the transport layer's destroy_bind_conf()
and call it only when defined. This removes some non-obvious SSL-specific
code and #ifdefs from cfgparse.c and haproxy.c.
Willy Tarreau 2016-12-22 17:30:54 +01:00
parent fa983d3caa
commit 795cdabb57
3 changed files with 31 additions and 35 deletions


@ -8801,31 +8801,8 @@ out_uri_auth_compat:
/* Release unused SSL configs */
list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
if (bind_conf->is_ssl)
continue;
#ifdef USE_OPENSSL
ssl_sock_free_ca(bind_conf);
ssl_sock_free_all_ctx(bind_conf);
free(bind_conf->ca_file);
free(bind_conf->ca_sign_file);
free(bind_conf->ca_sign_pass);
free(bind_conf->ciphers);
free(bind_conf->ecdhe);
free(bind_conf->crl_file);
if(bind_conf->keys_ref) {
free(bind_conf->keys_ref->filename);
free(bind_conf->keys_ref->tlskeys);
LIST_DEL(&bind_conf->keys_ref->list);
free(bind_conf->keys_ref);
}
bind_conf->keys_ref = NULL;
bind_conf->crl_file = NULL;
bind_conf->ecdhe = NULL;
bind_conf->ciphers = NULL;
bind_conf->ca_sign_pass = NULL;
bind_conf->ca_sign_file = NULL;
bind_conf->ca_file = NULL;
#endif /* USE_OPENSSL */
if (!bind_conf->is_ssl && bind_conf->xprt->destroy_bind_conf)
bind_conf->xprt->destroy_bind_conf(bind_conf);
}
if (my_popcountl(curproxy->bind_proc & nbits(global.nbproc)) > 1) {
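Review bot: The new `destroy_bind_conf` call releases the SSL settings only when a non-SSL bind_conf points at a transport that defines the callback, whereas the removed block freed them unconditionally under USE_OPENSSL. If a bind_conf that is not SSL carries a transport without `destroy_bind_conf` (not visible in this hunk), strings parsed on that line, `ca_sign_pass` included, are no longer released here. `bind_conf->xprt` is also dereferenced without a NULL check, so either confirm it is always set before this loop or guard it with `if (!bind_conf->is_ssl && bind_conf->xprt && bind_conf->xprt->destroy_bind_conf)`. The enclosing function starts and ends outside the hunk.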


@ -1466,16 +1466,8 @@ static void deinit(void)
/* Release unused SSL configs. */
list_for_each_entry_safe(bind_conf, bind_back, &p->conf.bind, by_fe) {
#ifdef USE_OPENSSL
ssl_sock_free_ca(bind_conf);
ssl_sock_free_all_ctx(bind_conf);
free(bind_conf->ca_file);
free(bind_conf->ca_sign_file);
free(bind_conf->ca_sign_pass);
free(bind_conf->ciphers);
free(bind_conf->ecdhe);
free(bind_conf->crl_file);
#endif /* USE_OPENSSL */
if (bind_conf->xprt->destroy_bind_conf)
bind_conf->xprt->destroy_bind_conf(bind_conf);
free(bind_conf->file);
free(bind_conf->arg);
LIST_DEL(&bind_conf->by_fe);
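Review bot: Through the callback, deinit() now also runs the `keys_ref` teardown for every bind_conf, which the removed block here never did (it released only the CA, the contexts and the six strings). If one `keys_ref` object can be referenced by more than one bind_conf (not visible on this page), a later iteration of this loop would unlink and free memory that an earlier one already released. Confirm that ownership is exclusive, or have ssl_sock_destroy_bind_conf() drop a reference and free only on the last one; at minimum record the assumption with a comment such as `/* may free bind_conf->keys_ref: must not be shared between bind_confs */`. deinit()'s body continues outside the hunk.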


@ -3308,6 +3308,32 @@ void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
bind_conf->default_ctx = NULL;
}
/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
{
ssl_sock_free_ca(bind_conf);
ssl_sock_free_all_ctx(bind_conf);
free(bind_conf->ca_file);
free(bind_conf->ca_sign_file);
free(bind_conf->ca_sign_pass);
free(bind_conf->ciphers);
free(bind_conf->ecdhe);
free(bind_conf->crl_file);
if (bind_conf->keys_ref) {
free(bind_conf->keys_ref->filename);
free(bind_conf->keys_ref->tlskeys);
LIST_DEL(&bind_conf->keys_ref->list);
free(bind_conf->keys_ref);
}
bind_conf->keys_ref = NULL;
bind_conf->crl_file = NULL;
bind_conf->ecdhe = NULL;
bind_conf->ciphers = NULL;
bind_conf->ca_sign_pass = NULL;
bind_conf->ca_sign_file = NULL;
bind_conf->ca_file = NULL;
}
/* Load CA cert file and private key used to generate certificates */
int
ssl_sock_load_ca(struct bind_conf *bind_conf)
@ -6632,6 +6658,7 @@ struct xprt_ops ssl_sock = {
.close = ssl_sock_close,
.init = ssl_sock_init,
.prepare_bind_conf = ssl_sock_prepare_bind_conf,
.destroy_bind_conf = ssl_sock_destroy_bind_conf,
.name = "SSL",
};
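Review bot: `ca_sign_pass` and `keys_ref->tlskeys` look, by their names, like secret material (a CA key passphrase and TLS ticket keys), and ssl_sock_destroy_bind_conf() hands them to `free()` with their contents intact, so they stay readable in freed heap memory and in core dumps. Scrub them first with a wipe the compiler cannot elide, e.g. `if (bind_conf->ca_sign_pass) OPENSSL_cleanse(bind_conf->ca_sign_pass, strlen(bind_conf->ca_sign_pass));` ahead of the free; the tlskeys buffer needs the same treatment with its allocated size, which is not visible here. The header comment also says the function is used during deinit(), while this commit calls it from the configuration check as well; `/* Releases all SSL contexts and settings attached to a bind_conf; called from deinit() and for bind_confs that end up not using SSL. */` would be accurate.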