REORG: include: move ssl_sock.h to haproxy/ssl_sock{,-t}.h

Almost nothing changed, just moved a static inline at the end and moved an export from the types to the main file.
2025-11-28 14:21:00 +01:00 · 2020-06-04 20:30:20 +02:00 · 2020-06-04 20:30:20 +02:00 · 209108dbbd
commit 209108dbbd
parent 2867159d63
18 changed files with 60 additions and 74 deletions
--- a/contrib/prometheus-exporter/service-prometheus.c
+++ b/contrib/prometheus-exporter/service-prometheus.c
@ -32,7 +32,7 @@
 #include <proto/proxy.h>
 #include <haproxy/sample.h>
 #include <proto/server.h>
-#include <proto/ssl_sock.h>
+#include <haproxy/ssl_sock.h>
 #include <haproxy/stats.h>
 #include <proto/stream.h>
 #include <proto/stream_interface.h>
--- a/include/haproxy/ssl_sock-t.h
+++ b/include/haproxy/ssl_sock-t.h
@ -1,5 +1,5 @@
 /*
- * include/types/ssl_sock.h
+ * include/haproxy/ssl_sock-t.h
 * SSL settings for listeners and servers
 *
 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
@ -19,18 +19,17 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */

-#ifndef _TYPES_SSL_SOCK_H
-#define _TYPES_SSL_SOCK_H
+#ifndef _HAPROXY_SSL_SOCK_T_H
+#define _HAPROXY_SSL_SOCK_T_H
 #ifdef USE_OPENSSL

-#include <import/ebpttree.h>
-#include <import/ebmbtree.h>
 #include <import/eb64tree.h>
-
-#include <haproxy/connection-t.h> /* struct wait_event */
+#include <import/ebmbtree.h>
+#include <import/ebpttree.h>

 #include <haproxy/buf-t.h>
-#include <haproxy/thread.h>
+#include <haproxy/connection-t.h> /* struct wait_event */
+#include <haproxy/thread-t.h>
 #include <haproxy/list-t.h>
 #include <haproxy/listener-t.h>
 #include <haproxy/openssl-compat.h>
@ -95,6 +94,22 @@ enum {
 	CONF_TLSV_MAX  = 5,
 };

+/* server and bind verify method, it uses a global value as default */
+enum {
+	SSL_SOCK_VERIFY_DEFAULT  = 0,
+	SSL_SOCK_VERIFY_REQUIRED = 1,
+	SSL_SOCK_VERIFY_OPTIONAL = 2,
+	SSL_SOCK_VERIFY_NONE     = 3,
+};
+
+/* states of the CLI IO handler for 'set ssl cert' */
+enum {
+	SETCERT_ST_INIT = 0,
+	SETCERT_ST_GEN,
+	SETCERT_ST_INSERT,
+	SETCERT_ST_FIN,
+};
+
 #if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
 typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
 #else /* openssl >= 1.1.0 */
@ -109,14 +124,6 @@ struct methodVersions {
 	const char *name;
 };

-/* server and bind verify method, it uses a global value as default */
-enum {
-	SSL_SOCK_VERIFY_DEFAULT  = 0,
-	SSL_SOCK_VERIFY_REQUIRED = 1,
-	SSL_SOCK_VERIFY_OPTIONAL = 2,
-	SSL_SOCK_VERIFY_NONE     = 3,
-};
-
 struct pkey_info {
 	uint8_t sig;          /* TLSEXT_signature_[rsa,ecdsa,...] */
 	uint16_t bits;        /* key size in bits */
@ -134,8 +141,6 @@ struct sni_ctx {
 	struct ebmb_node name;    /* node holding the servername value */
 };

-extern struct list tlskeys_reference;
-
 struct tls_sess_key_128 {
 	unsigned char name[16];
 	unsigned char aes_key[16];
@ -171,14 +176,6 @@ struct sh_ssl_sess_hdr {
 	unsigned char key_data[SSL_MAX_SSL_SESSION_ID_LENGTH];
 };

-/* states of the CLI IO handler for 'set ssl cert' */
-enum {
-	SETCERT_ST_INIT = 0,
-	SETCERT_ST_GEN,
-	SETCERT_ST_INSERT,
-	SETCERT_ST_FIN,
-};
-
 #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL

 #define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
@ -287,4 +284,4 @@ extern const char *SSL_SOCK_KEYTYPE_NAMES[];
 #endif

 #endif /* USE_OPENSSL */
-#endif /* _TYPES_SSL_SOCK_H */
+#endif /* _HAPROXY_SSL_SOCK_T_H */
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@ -1,5 +1,5 @@
 /*
- * include/proto/ssl_sock.h
+ * include/haproxy/ssl_sock.h
 * This file contains definition for ssl stream socket operations
 *
 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
@ -19,18 +19,20 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */

-#ifndef _PROTO_SSL_SOCK_H
-#define _PROTO_SSL_SOCK_H
+#ifndef _HAPROXY_SSL_SOCK_H
+#define _HAPROXY_SSL_SOCK_H
 #ifdef USE_OPENSSL

+
 #include <haproxy/connection.h>
 #include <haproxy/openssl-compat.h>
+#include <haproxy/ssl_sock-t.h>
+#include <haproxy/pool-t.h>
+#include <haproxy/thread.h>

 #include <types/proxy.h>
-#include <types/ssl_sock.h>
-#include <types/stream_interface.h>
-

+extern struct list tlskeys_reference;
 extern int sslconns;
 extern int totalsslconns;
 extern struct eb_root ckchs_tree;
@ -46,16 +48,6 @@ extern int nb_engines;
 extern struct xprt_ops ssl_sock;
 extern int ssl_capture_ptr_index;

-/* boolean, returns true if connection is over SSL */
-static inline
-int ssl_sock_is_ssl(struct connection *conn)
-{
-	if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx)
-		return 0;
-	else
-		return 1;
-}
-
 int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *, SSL_CTX *ctx, char **err);
 int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf);
 int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf);
@ -129,8 +121,19 @@ int ssl_sock_register_msg_callback(ssl_sock_msg_callback_func func);

 SSL *ssl_sock_get_ssl_object(struct connection *conn);

+/* boolean, returns true if connection is over SSL */
+static inline
+int ssl_sock_is_ssl(struct connection *conn)
+{
+	if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx)
+		return 0;
+	else
+		return 1;
+}
+
+
 #endif /* USE_OPENSSL */
-#endif /* _PROTO_SSL_SOCK_H */
+#endif /* _HAPROXY_SSL_SOCK_H */

 /*
 * Local variables:
--- a/include/types/server.h
+++ b/include/types/server.h
@ -32,6 +32,7 @@
 #include <haproxy/list-t.h>
 #include <haproxy/listener-t.h>
 #include <haproxy/obj_type-t.h>
+#include <haproxy/ssl_sock-t.h>
 #include <haproxy/thread.h>
 #include <haproxy/openssl-compat.h>

@ -40,7 +41,6 @@
 #include <haproxy/connection-t.h>
 #include <haproxy/freq_ctr-t.h>
 #include <types/queue.h>
-#include <types/ssl_sock.h>
 #include <haproxy/task-t.h>


--- a/src/backend.c
+++ b/src/backend.c
@ -35,6 +35,7 @@
 #include <haproxy/obj_type.h>
 #include <haproxy/payload.h>
 #include <haproxy/session.h>
+#include <haproxy/ssl_sock.h>
 #include <haproxy/task.h>
 #include <haproxy/ticks.h>
 #include <haproxy/time.h>
@ -55,7 +56,6 @@
 #include <proto/server.h>
 #include <proto/stream.h>
 #include <proto/stream_interface.h>
-#include <proto/ssl_sock.h>

 #define TRACE_SOURCE &trace_strm

--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@ -36,10 +36,7 @@
 #include <common/cfgparse.h>
 #include <haproxy/listener.h>
 #include <haproxy/openssl-compat.h>
-
-#include <types/ssl_sock.h>
-
-#include <proto/ssl_sock.h>
+#include <haproxy/ssl_sock.h>


 /****************** Global Section Parsing ********************************************/
--- a/src/check.c
+++ b/src/check.c
@ -47,6 +47,7 @@
 #include <haproxy/h1.h>
 #include <haproxy/htx.h>
 #include <haproxy/signal.h>
+#include <haproxy/ssl_sock.h>
 #include <haproxy/stats-t.h>
 #include <haproxy/task.h>
 #include <haproxy/vars.h>
@ -66,7 +67,6 @@
 #include <proto/stream_interface.h>
 #include <proto/log.h>
 #include <haproxy/proto_udp.h>
-#include <proto/ssl_sock.h>
 #include <haproxy/sample.h>

 static int tcpcheck_get_step_id(struct check *, struct tcpcheck_rule *);
--- a/src/connection.c
+++ b/src/connection.c
@ -24,7 +24,7 @@
 #include <haproxy/proto_tcp.h>
 #include <proto/stream_interface.h>
 #include <haproxy/sample.h>
-#include <proto/ssl_sock.h>
+#include <haproxy/ssl_sock.h>


 DECLARE_POOL(pool_head_connection, "connection",  sizeof(struct connection));
--- a/src/haproxy.c
+++ b/src/haproxy.c
@ -106,6 +106,7 @@
 #include <haproxy/regex.h>
 #include <haproxy/session.h>
 #include <haproxy/signal.h>
+#include <haproxy/ssl_sock.h>
 #include <haproxy/tools.h>
 #include <haproxy/time.h>
 #include <haproxy/uri_auth-t.h>
@ -131,7 +132,6 @@
 #include <proto/queue.h>
 #include <proto/server.h>
 #include <proto/stream.h>
-#include <proto/ssl_sock.h>

 /* array of init calls for older platforms */
 DECLARE_INIT_STAGES;
--- a/src/log.c
+++ b/src/log.c
@ -29,6 +29,7 @@
 #include <haproxy/cli.h>
 #include <haproxy/frontend.h>
 #include <haproxy/http.h>
+#include <haproxy/ssl_sock.h>
 #include <haproxy/tools.h>
 #include <haproxy/time.h>
 #include <haproxy/version.h>
@ -41,7 +42,6 @@
 #include <haproxy/ring.h>
 #include <haproxy/sample.h>
 #include <haproxy/sink.h>
-#include <proto/ssl_sock.h>
 #include <proto/stream.h>
 #include <proto/stream_interface.h>

--- a/src/mux_fcgi.c
+++ b/src/mux_fcgi.c
@ -23,12 +23,12 @@
 #include <haproxy/net_helper.h>
 #include <haproxy/regex.h>
 #include <haproxy/session-t.h>
+#include <haproxy/ssl_sock.h>

 #include <types/proxy.h>

 #include <proto/fcgi-app.h>
 #include <proto/log.h>
-#include <proto/ssl_sock.h>
 #include <proto/stream.h>
 #include <proto/stream_interface.h>
 #include <haproxy/trace.h>
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@ -25,15 +25,13 @@
 #include <haproxy/cli.h>
 #include <haproxy/errors.h>
 #include <haproxy/ssl_ckch.h>
+#include <haproxy/ssl_sock.h>
 #include <haproxy/ssl_utils.h>
 #include <haproxy/tools.h>

 #include <import/ebsttree.h>

-#include <types/ssl_sock.h>
-
 #include <proto/channel.h>
-#include <proto/ssl_sock.h>
 #include <proto/stream_interface.h>

 /* Uncommitted CKCH transaction */
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@ -19,17 +19,15 @@
 #include <haproxy/errors.h>
 #include <haproxy/ssl_ckch.h>
 #include <haproxy/ssl_crtlist.h>
+#include <haproxy/ssl_sock.h>
 #include <haproxy/tools.h>

 #include <dirent.h>
 #include <import/ebpttree.h>
 #include <import/ebsttree.h>

-#include <types/ssl_sock.h>
-
 #include <proto/channel.h>
 #include <proto/stream_interface.h>
-#include <proto/ssl_sock.h>

 /* release ssl bind conf */
 void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@ -26,13 +26,11 @@
 #include <haproxy/obj_type.h>
 #include <haproxy/openssl-compat.h>
 #include <haproxy/sample.h>
+#include <haproxy/ssl_sock.h>
 #include <haproxy/ssl_utils.h>
 #include <haproxy/tools.h>

-#include <types/ssl_sock.h>
-
 #include <haproxy/arg.h>
-#include <proto/ssl_sock.h>


 /***** Below are some sample fetching functions for ACL/patterns *****/
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -57,6 +57,7 @@
 #include <haproxy/shctx.h>
 #include <haproxy/ssl_ckch.h>
 #include <haproxy/ssl_crtlist.h>
+#include <haproxy/ssl_sock.h>
 #include <haproxy/ssl_utils.h>
 #include <haproxy/stats-t.h>
 #include <haproxy/task.h>
@ -69,8 +70,6 @@
 #include <import/ebpttree.h>
 #include <import/ebsttree.h>

-#include <types/ssl_sock.h>
-
 #include <haproxy/arg.h>
 #include <proto/channel.h>
 #include <haproxy/fd.h>
@ -81,7 +80,6 @@
 #include <proto/stream_interface.h>
 #include <proto/log.h>
 #include <proto/proxy.h>
-#include <proto/ssl_sock.h>
 #include <proto/stream.h>

 /* ***** READ THIS before adding code here! *****
--- a/src/ssl_utils.c
+++ b/src/ssl_utils.c
@ -15,10 +15,7 @@
 #include <haproxy/api.h>
 #include <haproxy/buf-t.h>
 #include <haproxy/openssl-compat.h>
-
-#include <proto/ssl_sock.h>
-
-#include <types/ssl_sock.h>
+#include <haproxy/ssl_sock.h>

 /* fill a buffer with the algorithm and size of a public key */
 int cert_get_pkey_algo(X509 *crt, struct buffer *out)
--- a/src/stats.c
+++ b/src/stats.c
@ -43,6 +43,7 @@
 #include <haproxy/map-t.h>
 #include <haproxy/pattern-t.h>
 #include <haproxy/session.h>
+#include <haproxy/ssl_sock.h>
 #include <haproxy/stats.h>
 #include <haproxy/task.h>
 #include <haproxy/tools.h>
@ -59,7 +60,6 @@
 #include <proto/log.h>
 #include <haproxy/pipe.h>
 #include <proto/proxy.h>
-#include <proto/ssl_sock.h>
 #include <proto/stream.h>
 #include <proto/server.h>
 #include <proto/stream_interface.h>
--- a/src/tools.c
+++ b/src/tools.c
@ -46,10 +46,10 @@
 #include <haproxy/hlua.h>
 #include <haproxy/listener.h>
 #include <haproxy/namespace.h>
+#include <haproxy/ssl_sock.h>
 #include <haproxy/task.h>
 #include <haproxy/tools.h>
 #include <haproxy/proto_udp.h>
-#include <proto/ssl_sock.h>
 #include <proto/stream_interface.h>

 /* This macro returns false if the test __x is false. Many