MINOR: cfgparse: move parsing of ssl-default-{bind,server}-ciphers to ssl_sock

These ones are pretty similar, just an strdup. Contrary to ca-base
and crt-base they support being changed.
Willy Tarreau 2016-12-21 23:23:19 +01:00
parent 0bea58d641
commit f22e9683e9
2 changed files with 26 additions and 34 deletions


@ -1105,40 +1105,6 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
}
#endif /* SYSTEM_MAXCONN */
}
else if (!strcmp(args[0], "ssl-default-bind-ciphers")) {
#ifdef USE_OPENSSL
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a cipher suite as an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(global.listen_default_ciphers);
global.listen_default_ciphers = strdup(args[1]);
#else
Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
#endif
}
else if (!strcmp(args[0], "ssl-default-server-ciphers")) {
#ifdef USE_OPENSSL
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a cipher suite as an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(global.connect_default_ciphers);
global.connect_default_ciphers = strdup(args[1]);
#else
Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
#endif
}
#ifdef USE_OPENSSL
#ifndef OPENSSL_NO_DH
else if (!strcmp(args[0], "ssl-dh-param-file")) {


@ -6010,6 +6010,30 @@ static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct pr
return 0;
}
/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
* in global section. Returns <0 on alert, >0 on warning, 0 on success.
*/
static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
struct proxy *defpx, const char *file, int line,
char **err)
{
char **target;
target = (args[0][12] == 'b') ? &global.listen_default_ciphers : &global.connect_default_ciphers;
if (too_many_args(1, args, err, NULL))
return -1;
if (*(args[1]) == 0) {
memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
return -1;
}
free(*target);
*target = strdup(args[1]);
return 0;
}
/* parse various global tune.ssl settings consisting in positive integers.
* Returns <0 on alert, >0 on warning, 0 on success.
*/
@ -6523,6 +6547,8 @@ static struct cfg_kw_list cfg_kws = {ILH, {
{ CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
{ CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
{ CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
{ CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
{ CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
{ 0, NULL, NULL },
}};
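Review bot: In ssl_parse_global_ciphers (first hunk of this section), the result of `strdup(args[1])` is stored without a check, so an allocation failure leaves `*target` NULL while the parser still returns 0. The operator's cipher restriction is then silently lost; how a NULL list is treated when the SSL contexts are built is outside this hunk, but it presumably means the library's default cipher list is used instead. I would add `if (!*target) { memprintf(err, "global statement '%s' : out of memory.", args[0]); return -1; }` right after the assignment. The selector `args[0][12] == 'b'` also depends on the exact spelling of the two keywords registered in cfg_kws, so it deserves a comment such as `/* args[0][12] is 'b' in "ssl-default-bind-ciphers" and 's' in "ssl-default-server-ciphers" */`.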