RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-04-11 03:31:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

REORG: ssl: move structures to ssl_sock.h

Browse Source
This commit is contained in:
William Lallemand 2019-09-11 16:33:52 +02:00 committed by William Lallemand
parent e3af8fbad3
commit f6adbe9f28
2 changed files with 45 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
include/types/ssl_sock.h
View File

@ -85,5 +85,50 @@ struct sh_ssl_sess_hdr {
unsigned char key_data[SSL_MAX_SSL_SESSION_ID_LENGTH]; unsigned char key_data[SSL_MAX_SSL_SESSION_ID_LENGTH];
}; };
/* This is used to preload the certifcate, private key
* and Cert Chain of a file passed in via the crt
* argument
*
* This way, we do not have to read the file multiple times
*/
struct cert_key_and_chain {
X509 *cert;
EVP_PKEY *key;
STACK_OF(X509) *chain;
DH *dh;
};
/*
* this is used to store 1 to SSL_SOCK_NUM_KEYTYPES cert_key_and_chain and
* metadata.
*/
struct ckch_store {
struct cert_key_and_chain *ckch;
int multi; /* is it a multi-cert bundle ? */
struct ebmb_node node;
char path[0];
};
#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
struct key_combo_ctx {
SSL_CTX *ctx;
int order;
};
/* Map used for processing multiple keypairs for a single purpose
*
* This maps CN/SNI name to certificate type
*/
struct sni_keytype {
int keytypes; /* BITMASK for keytypes */
struct ebmb_node name; /* node holding the servername value */
};
#endif
#endif /* USE_OPENSSL */ #endif /* USE_OPENSSL */
#endif /* _TYPES_SSL_SOCK_H */ #endif /* _TYPES_SSL_SOCK_H */

47
src/ssl_sock.c
View File

@ -2797,58 +2797,11 @@ static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_b
return order; return order;
} }
/* The following code is used for loading multiple crt files into
* SSL_CTX's based on CN/SAN
*/
/* This is used to preload the certifcate, private key
* and Cert Chain of a file passed in via the crt
* argument
*
* This way, we do not have to read the file multiple times
*/
struct cert_key_and_chain {
X509 *cert;
EVP_PKEY *key;
STACK_OF(X509) *chain;
DH *dh;
};
/*
* this is used to store 1 to SSL_SOCK_NUM_KEYTYPES cert_key_and_chain and
* metadata.
*/
struct ckch_store {
struct cert_key_and_chain *ckch;
int multi; /* is it a multi-cert bundle ? */
struct ebmb_node node;
char path[0];
};
/* /*
* tree used to store the ckchs ordered by filename/bundle name * tree used to store the ckchs ordered by filename/bundle name
*/ */
struct eb_root ckchs_tree = EB_ROOT_UNIQUE; struct eb_root ckchs_tree = EB_ROOT_UNIQUE;
#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
struct key_combo_ctx {
SSL_CTX *ctx;
int order;
};
/* Map used for processing multiple keypairs for a single purpose
*
* This maps CN/SNI name to certificate type
*/
struct sni_keytype {
int keytypes; /* BITMASK for keytypes */
struct ebmb_node name; /* node holding the servername value */
};
#endif
/* Loads Diffie-Hellman parameter from a ckchs. Returns 1 if loaded, else -1 /* Loads Diffie-Hellman parameter from a ckchs. Returns 1 if loaded, else -1
if an error occurred, and 0 if parameter not found. */ if an error occurred, and 0 if parameter not found. */