mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-08-09 16:47:18 +02:00
CLEANUP: listener: replace all uses of bind_conf->is_ssl with BC_O_USE_SSL
The new flag will now replace this boolean variable that was only set and tested.
parent
c694471b21
commit
11ba404c6b
@ -113,6 +113,10 @@ enum li_status {
|
|||||||
* maxconn setting to the global.maxsock value so that its resources are reserved.
|
* maxconn setting to the global.maxsock value so that its resources are reserved.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/* flags used with bind_conf->options */
|
||||||
|
#define BC_O_USE_SSL 0x00000001 /* SSL is being used on this bind_conf */
|
||||||
|
|
||||||
|
|
||||||
/* flags used with bind_conf->ssl_options */
|
/* flags used with bind_conf->ssl_options */
|
||||||
#ifdef USE_OPENSSL
|
#ifdef USE_OPENSSL
|
||||||
#define BC_SSL_O_NONE 0x0000
|
#define BC_SSL_O_NONE 0x0000
|
||||||
@ -177,7 +181,6 @@ struct bind_conf {
|
|||||||
const struct mux_proto_list *mux_proto; /* the mux to use for all incoming connections (specified by the "proto" keyword) */
|
const struct mux_proto_list *mux_proto; /* the mux to use for all incoming connections (specified by the "proto" keyword) */
|
||||||
struct xprt_ops *xprt; /* transport-layer operations for all listeners */
|
struct xprt_ops *xprt; /* transport-layer operations for all listeners */
|
||||||
uint options; /* set of BC_O_* flags */
|
uint options; /* set of BC_O_* flags */
|
||||||
int is_ssl; /* SSL is required for these listeners */
|
|
||||||
int generate_certs; /* 1 if generate-certificates option is set, else 0 */
|
int generate_certs; /* 1 if generate-certificates option is set, else 0 */
|
||||||
int level; /* stats access level (ACCESS_LVL_*) */
|
int level; /* stats access level (ACCESS_LVL_*) */
|
||||||
int severity_output; /* default severity output format in cli feedback messages */
|
int severity_output; /* default severity output format in cli feedback messages */
|
||||||
|
@ -1118,7 +1118,7 @@ static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bin
|
|||||||
/* Do not change the xprt for QUIC. */
|
/* Do not change the xprt for QUIC. */
|
||||||
if (conf->xprt != xprt_get(XPRT_QUIC))
|
if (conf->xprt != xprt_get(XPRT_QUIC))
|
||||||
conf->xprt = &ssl_sock;
|
conf->xprt = &ssl_sock;
|
||||||
conf->is_ssl = 1;
|
conf->options |= BC_O_USE_SSL;
|
||||||
|
|
||||||
if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
|
if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
|
||||||
conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
|
conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
|
||||||
|
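Review bot: The line `conf->options |= BC_O_USE_SSL;` in bind_parse_ssl needs a comment, because it appears to sit outside the brace-less `if (conf->xprt != xprt_get(XPRT_QUIC))` guard (indentation is lost on this page), so the flag is also set on QUIC binds whose xprt is not `&ssl_sock`. The flag's definition says "SSL is being used on this bind_conf", which a reader could take to mean the ssl_sock transport is in use. Suggested comment above the line: `/* set for QUIC binds too: the flag records that SSL was requested on the bind line, not that xprt == &ssl_sock */`. The function body starts and ends outside the hunk.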
@ -3960,14 +3960,14 @@ int check_config_validity()
|
|||||||
|
|
||||||
/* smart accept mode is automatic in HTTP mode */
|
/* smart accept mode is automatic in HTTP mode */
|
||||||
if ((curproxy->options2 & PR_O2_SMARTACC) ||
|
if ((curproxy->options2 & PR_O2_SMARTACC) ||
|
||||||
((curproxy->mode == PR_MODE_HTTP || listener->bind_conf->is_ssl) &&
|
((curproxy->mode == PR_MODE_HTTP || (listener->bind_conf->options & BC_O_USE_SSL)) &&
|
||||||
!(curproxy->no_options2 & PR_O2_SMARTACC)))
|
!(curproxy->no_options2 & PR_O2_SMARTACC)))
|
||||||
listener->options |= LI_O_NOQUICKACK;
|
listener->options |= LI_O_NOQUICKACK;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Release unused SSL configs */
|
/* Release unused SSL configs */
|
||||||
list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
|
list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
|
||||||
if (!bind_conf->is_ssl && bind_conf->xprt->destroy_bind_conf)
|
if (!(bind_conf->options & BC_O_USE_SSL) && bind_conf->xprt->destroy_bind_conf)
|
||||||
bind_conf->xprt->destroy_bind_conf(bind_conf);
|
bind_conf->xprt->destroy_bind_conf(bind_conf);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -366,7 +366,7 @@ int conn_update_alpn(struct connection *conn, const struct ist alpn, int force)
|
|||||||
struct session *sess = conn->owner;
|
struct session *sess = conn->owner;
|
||||||
struct listener *li = sess->listener;
|
struct listener *li = sess->listener;
|
||||||
|
|
||||||
if (li->bind_conf && li->bind_conf->is_ssl) {
|
if (li->bind_conf && li->bind_conf->options & BC_O_USE_SSL) {
|
||||||
ctx_alpn_str = li->bind_conf->ssl_conf.alpn_str;
|
ctx_alpn_str = li->bind_conf->ssl_conf.alpn_str;
|
||||||
ctx_alpn_len = li->bind_conf->ssl_conf.alpn_len;
|
ctx_alpn_len = li->bind_conf->ssl_conf.alpn_len;
|
||||||
}
|
}
|
||||||
|
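Review bot: The new test `li->bind_conf && li->bind_conf->options & BC_O_USE_SSL` in conn_update_alpn leaves the bitwise AND unparenthesized, while the check_config_validity and ssl_sock_prepare_bind_conf hunks of the same commit write `(bind_conf->options & BC_O_USE_SSL)`. The result is the same because `&` binds tighter than `&&`, but the mixed form is easy to misread and easy to break if a comparison is later added to the condition. I would write `if (li->bind_conf && (li->bind_conf->options & BC_O_USE_SSL)) {` here, and parenthesize the same way in accept_queue_process and in both listener_accept hunks. The function body continues outside the hunk.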
@ -152,7 +152,7 @@ struct task *accept_queue_process(struct task *t, void *context, unsigned int st
|
|||||||
if (!(li->options & LI_O_UNLIMITED)) {
|
if (!(li->options & LI_O_UNLIMITED)) {
|
||||||
HA_ATOMIC_UPDATE_MAX(&global.sps_max,
|
HA_ATOMIC_UPDATE_MAX(&global.sps_max,
|
||||||
update_freq_ctr(&global.sess_per_sec, 1));
|
update_freq_ctr(&global.sess_per_sec, 1));
|
||||||
if (li->bind_conf && li->bind_conf->is_ssl) {
|
if (li->bind_conf && li->bind_conf->options & BC_O_USE_SSL) {
|
||||||
HA_ATOMIC_UPDATE_MAX(&global.ssl_max,
|
HA_ATOMIC_UPDATE_MAX(&global.ssl_max,
|
||||||
update_freq_ctr(&global.ssl_per_sec, 1));
|
update_freq_ctr(&global.ssl_per_sec, 1));
|
||||||
}
|
}
|
||||||
@ -843,7 +843,8 @@ void listener_accept(struct listener *l)
|
|||||||
max_accept = max;
|
max_accept = max;
|
||||||
}
|
}
|
||||||
#ifdef USE_OPENSSL
|
#ifdef USE_OPENSSL
|
||||||
if (!(l->options & LI_O_UNLIMITED) && global.ssl_lim && l->bind_conf && l->bind_conf->is_ssl) {
|
if (!(l->options & LI_O_UNLIMITED) && global.ssl_lim &&
|
||||||
|
l->bind_conf && l->bind_conf->options & BC_O_USE_SSL) {
|
||||||
int max = freq_ctr_remain(&global.ssl_per_sec, global.ssl_lim, 0);
|
int max = freq_ctr_remain(&global.ssl_per_sec, global.ssl_lim, 0);
|
||||||
|
|
||||||
if (unlikely(!max)) {
|
if (unlikely(!max)) {
|
||||||
@ -1126,7 +1127,8 @@ void listener_accept(struct listener *l)
|
|||||||
HA_ATOMIC_UPDATE_MAX(&global.sps_max, count);
|
HA_ATOMIC_UPDATE_MAX(&global.sps_max, count);
|
||||||
}
|
}
|
||||||
#ifdef USE_OPENSSL
|
#ifdef USE_OPENSSL
|
||||||
if (!(l->options & LI_O_UNLIMITED) && l->bind_conf && l->bind_conf->is_ssl) {
|
if (!(l->options & LI_O_UNLIMITED) &&
|
||||||
|
l->bind_conf && l->bind_conf->options & BC_O_USE_SSL) {
|
||||||
count = update_freq_ctr(&global.ssl_per_sec, 1);
|
count = update_freq_ctr(&global.ssl_per_sec, 1);
|
||||||
HA_ATOMIC_UPDATE_MAX(&global.ssl_max, count);
|
HA_ATOMIC_UPDATE_MAX(&global.ssl_max, count);
|
||||||
}
|
}
|
||||||
|
@ -5445,7 +5445,7 @@ int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
|
|||||||
int alloc_ctx;
|
int alloc_ctx;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
if (!bind_conf->is_ssl) {
|
if (!(bind_conf->options & BC_O_USE_SSL)) {
|
||||||
if (bind_conf->default_ctx) {
|
if (bind_conf->default_ctx) {
|
||||||
ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
|
ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
|
||||||
px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
|
px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
|
||||||
|