MEDIUM: ssl/ckch: use ckch_store instead of ckch_data for ckch_conf_kws

This is an API change: instead of being passed a ckch_data alone,
ckch_conf_kws.func() is now called with a ckch_store.

This lets the callback access the whole ckch_store, including its
ckch_conf and its ckch_data. It does, however, require the ckch_conf to
be stored in the ckch_store before the callbacks are invoked.
William Lallemand 2025-11-05 16:41:48 +01:00
parent 201971ec5f
commit 1df55b441b
7 changed files with 12 additions and 11 deletions


@ -4,6 +4,6 @@
#include <haproxy/ssl_ckch-t.h>
int ckch_conf_acme_init(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err);
int ckch_conf_acme_init(void *value, char *buf, struct ckch_store *s, int cli, const char *filename, int linenum, char **err);
#endif


@ -204,7 +204,7 @@ struct ckch_conf_kws {
const char *name;
ssize_t offset;
enum parse_type_t type;
int (*func)(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err);
int (*func)(void *value, char *buf, struct ckch_store *s, int cli, const char *filename, int linenum, char **err);
};
extern struct ckch_conf_kws ckch_conf_kws[];
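Review bot: The new `func` signature carries an ordering contract that the struct leaves undocumented: the callback now receives the whole store so it can read `s->conf`, which is only meaningful if the caller has copied its ckch_conf into the store before walking ckch_conf_kws, and the DECLARE_CKCH_CONF_LOAD loaders also read `s->data` unconditionally. Anyone adding a keyword handler has to discover that from the callers, so a comment on the member would help, e.g. `/* called with the owning store; the caller must have set s->conf (and s->data for file loaders) before the load */`. The struct's opening line sits just before the hunk, so other members may precede the ones shown.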


@ -90,10 +90,11 @@ extern int (*ssl_commit_crlfile_cb)(const char *path, X509_STORE *ctx, char **er
*
*/
#define DECLARE_CKCH_CONF_LOAD(name, base, callback) \
static inline int ckch_conf_load_##name(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err) \
static inline int ckch_conf_load_##name(void *value, char *buf, struct ckch_store *s, int cli, const char *filename, int linenum, char **err) \
{ \
char path[PATH_MAX]; \
int err_code = 0; \
struct ckch_data *d = s->data; \
if (cli) \
return 0; \
err_code |= path_base(value, (base), path, err); \


@ -56,7 +56,7 @@ void ssl_destroy_ocsp_update_task(void);
int ssl_ocsp_update_insert(struct certificate_ocsp *ocsp);
int __ssl_ocsp_update_insert_unlocked(struct certificate_ocsp *ocsp);
int ocsp_update_init(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err);
int ocsp_update_init(void *value, char *buf, struct ckch_store *s, int cli, const char *filename, int linenum, char **err);
#endif /* (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) */


@ -209,7 +209,7 @@ out:
/*
* ckch_conf acme parser
*/
int ckch_conf_acme_init(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err)
int ckch_conf_acme_init(void *value, char *buf, struct ckch_store *s, int cli, const char *filename, int linenum, char **err)
{
int err_code = 0;
struct acme_cfg *cfg;


@ -4785,7 +4785,7 @@ int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, int cli, co
if (!v)
goto next;
rc = ckch_conf_kws[i].func(v, NULL, d, cli, file, linenum, err);
rc = ckch_conf_kws[i].func(v, NULL, c, cli, file, linenum, err);
if (rc) {
err_code |= ERR_ALERT | ERR_FATAL;
memprintf(err, "%s '%s' cannot be read or parsed.", err && *err ? *err : "", v);
@ -4798,7 +4798,7 @@ int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, int cli, co
case PARSE_TYPE_ONOFF:
{
int v = *(int *)src;
rc = ckch_conf_kws[i].func(&v, NULL, d, cli, file, linenum, err);
rc = ckch_conf_kws[i].func(&v, NULL, c, cli, file, linenum, err);
if (rc) {
err_code |= ERR_ALERT | ERR_FATAL;
memprintf(err, "%s '%d' cannot be read or parsed.", err && *err ? *err : "", v);
@ -5222,13 +5222,13 @@ static int crtstore_parse_load(char **args, int section_type, struct proxy *curp
if (!c)
goto alloc_error;
c->conf = f;
c->conf.used = CKCH_CONF_SET_CRTSTORE;
err_code |= ckch_store_load_files(&f, c, 0, file, linenum, err);
if (err_code & ERR_FATAL)
goto out;
c->conf = f;
c->conf.used = CKCH_CONF_SET_CRTSTORE;
if (ebst_insert(&ckchs_tree, &c->node) != &c->node) {
memprintf(err,"parsing [%s:%d] : '%s' in section 'crt-store': store '%s' was already defined.",
file, linenum, args[0], c->path);
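Review bot: Moving `c->conf = f;` ahead of ckch_store_load_files() means that on the `if (err_code & ERR_FATAL) goto out;` path `f` and `c->conf` are two shallow copies holding the same heap pointers; with the old ordering `c->conf` was only assigned after a successful load, so a failed load never left the store owning those strings. If the `out:` cleanup (outside this hunk) both releases the store with ckch_store_free() and cleans `f`, the same allocations would now be freed twice on a parse error. Either reset the store's copy before leaving, `memset(&c->conf, 0, sizeof(c->conf));` right before that `goto out`, or make `c->conf` the single owner and stop cleaning `f` separately. This is inferred from the visible lines only, since neither the allocation of `c` nor the `out:` label is shown; crtstore_parse_load() starts and ends outside the hunk.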


@ -2087,7 +2087,7 @@ static int ocsp_update_parse_global_http_proxy(char **args, int section_type, st
return 0;
}
int ocsp_update_init(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err)
int ocsp_update_init(void *value, char *buf, struct ckch_store *s, int cli, const char *filename, int linenum, char **err)
{
int ocsp_update_mode = *(int *)value;
int ret = 0;