CLEANUP: ssl: move tlskeys_finalize_config() to a post_check callback

tlskeys_finalize_config() was the only reason for haproxy.c to still require ifdef and includes for ssl_sock. This one fits perfectly well in the late initializers so it was changed to be registered with hap_register_post_check().
2025-03-25 04:17:42 +00:00 · 2016-12-22 22:46:15 +01:00 · 2016-12-22 22:46:15 +01:00 · d1c5750370
commit d1c5750370
parent 17d4538044
3 changed files with 7 additions and 9 deletions
--- a/include/proto/ssl_sock.h
+++ b/include/proto/ssl_sock.h
@ -65,7 +65,6 @@ int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err);
 int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err);
 struct tls_keys_ref *tlskeys_ref_lookup(const char *filename);
 struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id);
-void tlskeys_finalize_config(void);
 #endif
 #ifndef OPENSSL_NO_DH
 int ssl_sock_load_global_dh_param_from_file(const char *filename);
--- a/src/haproxy.c
+++ b/src/haproxy.c
@ -109,9 +109,6 @@
 #include <proto/dns.h>
 #include <proto/vars.h>

-#ifdef USE_OPENSSL
-#include <proto/ssl_sock.h>
-#endif

 /* list of config files */
 static struct list cfg_cfgfiles = LIST_HEAD_INIT(cfg_cfgfiles);
@ -818,9 +815,6 @@ static void init(int argc, char **argv)
 	}

 	pattern_finalize_config();
-#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
-	tlskeys_finalize_config();
-#endif

 	err_code |= check_config_validity();
 	if (err_code & (ERR_ABORT|ERR_FATAL)) {
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -574,9 +574,10 @@ int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err) {
 }

 /* This function finalize the configuration parsing. Its set all the
- * automatic ids
+ * automatic ids. It's called just after the basic checks. It returns
+ * 0 on success otherwise ERR_*.
 */
-void tlskeys_finalize_config(void)
+static int tlskeys_finalize_config(void)
 {
 	int i = 0;
 	struct tls_keys_ref *ref, *ref2, *ref3;
@ -618,6 +619,7 @@ void tlskeys_finalize_config(void)
 	/* swap root */
 	LIST_ADD(&tkr, &tlskeys_reference);
 	LIST_DEL(&tkr);
+	return 0;
 }

 #endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
@ -6710,6 +6712,9 @@ static void __ssl_sock_init(void)
 	srv_register_keywords(&srv_kws);
 	cfg_register_keywords(&cfg_kws);
 	cli_register_kw(&cli_kws);
+#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
+	hap_register_post_check(tlskeys_finalize_config);
+#endif

 	ptr = NULL;
 	memprintf(&ptr, "Built with OpenSSL version : "