CLEANUP: listener: replace all uses of bind_conf->is_ssl with BC_O_USE_SSL

The new flag will now replace this boolean variable that was only set and
tested.
Willy Tarreau 2022-05-20 15:56:32 +02:00
parent c694471b21
commit 11ba404c6b
6 changed files with 14 additions and 9 deletions


@ -113,6 +113,10 @@ enum li_status {
* maxconn setting to the global.maxsock value so that its resources are reserved.
*/
/* flags used with bind_conf->options */
#define BC_O_USE_SSL 0x00000001 /* SSL is being used on this bind_conf */
/* flags used with bind_conf->ssl_options */
#ifdef USE_OPENSSL
#define BC_SSL_O_NONE 0x0000
@ -177,7 +181,6 @@ struct bind_conf {
const struct mux_proto_list *mux_proto; /* the mux to use for all incoming connections (specified by the "proto" keyword) */
struct xprt_ops *xprt; /* transport-layer operations for all listeners */
uint options; /* set of BC_O_* flags */
int is_ssl; /* SSL is required for these listeners */
int generate_certs; /* 1 if generate-certificates option is set, else 0 */
int level; /* stats access level (ACCESS_LVL_*) */
int severity_output; /* default severity output format in cli feedback messages */


@ -1118,7 +1118,7 @@ static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bin
/* Do not change the xprt for QUIC. */
if (conf->xprt != xprt_get(XPRT_QUIC))
conf->xprt = &ssl_sock;
conf->is_ssl = 1;
conf->options |= BC_O_USE_SSL;
if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);


@ -3960,14 +3960,14 @@ int check_config_validity()
/* smart accept mode is automatic in HTTP mode */
if ((curproxy->options2 & PR_O2_SMARTACC) ||
((curproxy->mode == PR_MODE_HTTP || listener->bind_conf->is_ssl) &&
((curproxy->mode == PR_MODE_HTTP || (listener->bind_conf->options & BC_O_USE_SSL)) &&
!(curproxy->no_options2 & PR_O2_SMARTACC)))
listener->options |= LI_O_NOQUICKACK;
}
/* Release unused SSL configs */
list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
if (!bind_conf->is_ssl && bind_conf->xprt->destroy_bind_conf)
if (!(bind_conf->options & BC_O_USE_SSL) && bind_conf->xprt->destroy_bind_conf)
bind_conf->xprt->destroy_bind_conf(bind_conf);
}


@ -366,7 +366,7 @@ int conn_update_alpn(struct connection *conn, const struct ist alpn, int force)
struct session *sess = conn->owner;
struct listener *li = sess->listener;
if (li->bind_conf && li->bind_conf->is_ssl) {
if (li->bind_conf && li->bind_conf->options & BC_O_USE_SSL) {
ctx_alpn_str = li->bind_conf->ssl_conf.alpn_str;
ctx_alpn_len = li->bind_conf->ssl_conf.alpn_len;
}
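Review bot: The converted test in conn_update_alpn, `li->bind_conf && li->bind_conf->options & BC_O_USE_SSL`, leaves the mask unparenthesized, unlike the converted tests in check_config_validity and ssl_sock_prepare_bind_conf. C precedence binds `&` tighter than `&&`, so it evaluates as intended today, but the bare form is easy to break when a comparison or another condition is appended later. This flag decides whether the bind's ALPN settings are used here and whether the SSL rate limit and counters are applied in the listener code. I would write `if (li->bind_conf && (li->bind_conf->options & BC_O_USE_SSL)) {` here and in the three equivalent tests in accept_queue_process and listener_accept. conn_update_alpn starts and ends outside this hunk.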


@ -152,7 +152,7 @@ struct task *accept_queue_process(struct task *t, void *context, unsigned int st
if (!(li->options & LI_O_UNLIMITED)) {
HA_ATOMIC_UPDATE_MAX(&global.sps_max,
update_freq_ctr(&global.sess_per_sec, 1));
if (li->bind_conf && li->bind_conf->is_ssl) {
if (li->bind_conf && li->bind_conf->options & BC_O_USE_SSL) {
HA_ATOMIC_UPDATE_MAX(&global.ssl_max,
update_freq_ctr(&global.ssl_per_sec, 1));
}
@ -843,7 +843,8 @@ void listener_accept(struct listener *l)
max_accept = max;
}
#ifdef USE_OPENSSL
if (!(l->options & LI_O_UNLIMITED) && global.ssl_lim && l->bind_conf && l->bind_conf->is_ssl) {
if (!(l->options & LI_O_UNLIMITED) && global.ssl_lim &&
l->bind_conf && l->bind_conf->options & BC_O_USE_SSL) {
int max = freq_ctr_remain(&global.ssl_per_sec, global.ssl_lim, 0);
if (unlikely(!max)) {
@ -1126,7 +1127,8 @@ void listener_accept(struct listener *l)
HA_ATOMIC_UPDATE_MAX(&global.sps_max, count);
}
#ifdef USE_OPENSSL
if (!(l->options & LI_O_UNLIMITED) && l->bind_conf && l->bind_conf->is_ssl) {
if (!(l->options & LI_O_UNLIMITED) &&
l->bind_conf && l->bind_conf->options & BC_O_USE_SSL) {
count = update_freq_ctr(&global.ssl_per_sec, 1);
HA_ATOMIC_UPDATE_MAX(&global.ssl_max, count);
}


@ -5445,7 +5445,7 @@ int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
int alloc_ctx;
int err;
if (!bind_conf->is_ssl) {
if (!(bind_conf->options & BC_O_USE_SSL)) {
if (bind_conf->default_ctx) {
ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
px->id, bind_conf->arg, bind_conf->file, bind_conf->line);