mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-23 06:41:32 +02:00
Code Issues Projects Releases Wiki Activity

MEDIUM: cfgparse: move ssl-dh-param-file parsing to ssl_sock

Browse Source 
This one was missing an arg count check which was added in the operation.
This commit is contained in:
Willy Tarreau 2016-12-21 23:28:13 +01:00
parent f22e9683e9
commit 14e36a101c
2 changed files with 25 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/cfgparse.c
View File

@ -1105,22 +1105,6 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
} }
#endif /* SYSTEM_MAXCONN */ #endif /* SYSTEM_MAXCONN */
} }
#ifdef USE_OPENSSL
#ifndef OPENSSL_NO_DH
else if (!strcmp(args[0], "ssl-dh-param-file")) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a file path as an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (ssl_sock_load_global_dh_param_from_file(args[1])) {
Alert("parsing [%s:%d] : '%s': unable to load DH parameters from file <%s>.\n", file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
#endif
#endif
else if (!strcmp(args[0], "ssl-server-verify")) { else if (!strcmp(args[0], "ssl-server-verify")) {
if (alertif_too_many_args(1, file, linenum, args, &err_code)) if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out; goto out;

25
src/ssl_sock.c
View File

@ -6112,6 +6112,28 @@ static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy
} }
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
/* parse "ssl-dh-param-file".
* Returns <0 on alert, >0 on warning, 0 on success.
*/
static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
struct proxy *defpx, const char *file, int line,
char **err)
{
if (too_many_args(1, args, err, NULL))
return -1;
if (*(args[1]) == 0) {
memprintf(err, "'%s' expects a file path as an argument.", args[0]);
return -1;
}
if (ssl_sock_load_global_dh_param_from_file(args[1])) {
memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
return -1;
}
return 0;
}
/* parse "ssl.default-dh-param". /* parse "ssl.default-dh-param".
* Returns <0 on alert, >0 on warning, 0 on success. * Returns <0 on alert, >0 on warning, 0 on success.
*/ */
@ -6539,6 +6561,9 @@ static struct cfg_kw_list cfg_kws = {ILH, {
{ CFG_GLOBAL, "maxsslconn", ssl_parse_global_int }, { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
{ CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options }, { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
{ CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options }, { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
#ifndef OPENSSL_NO_DH
{ CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
#endif
{ CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int }, { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
{ CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh }, { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },