mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-28 22:31:06 +01:00
Code Issues Projects Releases Wiki Activity

REORG: include: move ssl_sock.h to haproxy/ssl_sock{,-t}.h

Browse Source 
Almost nothing changed, just moved a static inline at the end and moved
an export from the types to the main file.
This commit is contained in:
Willy Tarreau 2020-06-04 20:30:20 +02:00
parent 2867159d63
commit 209108dbbd
18 changed files with 60 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
contrib/prometheus-exporter/service-prometheus.c
View File

@ -32,7 +32,7 @@
#include <proto/proxy.h> #include <proto/proxy.h>
#include <haproxy/sample.h> #include <haproxy/sample.h>
#include <proto/server.h> #include <proto/server.h>
#include <proto/ssl_sock.h> #include <haproxy/ssl_sock.h>
#include <haproxy/stats.h> #include <haproxy/stats.h>
#include <proto/stream.h> #include <proto/stream.h>
#include <proto/stream_interface.h> #include <proto/stream_interface.h>

51
include/types/ssl_sock.h → include/haproxy/ssl_sock-t.h
View File

@ -1,5 +1,5 @@
/* /*
* include/types/ssl_sock.h * include/haproxy/ssl_sock-t.h
* SSL settings for listeners and servers * SSL settings for listeners and servers
* *
* Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr> * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
@ -19,18 +19,17 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ */
#ifndef _TYPES_SSL_SOCK_H #ifndef _HAPROXY_SSL_SOCK_T_H
#define _TYPES_SSL_SOCK_H #define _HAPROXY_SSL_SOCK_T_H
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
#include <import/ebpttree.h>
#include <import/ebmbtree.h>
#include <import/eb64tree.h> #include <import/eb64tree.h>
#include <import/ebmbtree.h>
#include <haproxy/connection-t.h> /* struct wait_event */ #include <import/ebpttree.h>
#include <haproxy/buf-t.h> #include <haproxy/buf-t.h>
#include <haproxy/thread.h> #include <haproxy/connection-t.h> /* struct wait_event */
#include <haproxy/thread-t.h>
#include <haproxy/list-t.h> #include <haproxy/list-t.h>
#include <haproxy/listener-t.h> #include <haproxy/listener-t.h>
#include <haproxy/openssl-compat.h> #include <haproxy/openssl-compat.h>
@ -95,6 +94,22 @@ enum {
CONF_TLSV_MAX = 5, CONF_TLSV_MAX = 5,
}; };
/* server and bind verify method, it uses a global value as default */
enum {
SSL_SOCK_VERIFY_DEFAULT = 0,
SSL_SOCK_VERIFY_REQUIRED = 1,
SSL_SOCK_VERIFY_OPTIONAL = 2,
SSL_SOCK_VERIFY_NONE = 3,
};
/* states of the CLI IO handler for 'set ssl cert' */
enum {
SETCERT_ST_INIT = 0,
SETCERT_ST_GEN,
SETCERT_ST_INSERT,
SETCERT_ST_FIN,
};
#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL) #if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
typedef enum { SET_CLIENT, SET_SERVER } set_context_func; typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
#else /* openssl >= 1.1.0 */ #else /* openssl >= 1.1.0 */
@ -109,14 +124,6 @@ struct methodVersions {
const char *name; const char *name;
}; };
/* server and bind verify method, it uses a global value as default */
enum {
SSL_SOCK_VERIFY_DEFAULT = 0,
SSL_SOCK_VERIFY_REQUIRED = 1,
SSL_SOCK_VERIFY_OPTIONAL = 2,
SSL_SOCK_VERIFY_NONE = 3,
};
struct pkey_info { struct pkey_info {
uint8_t sig; /* TLSEXT_signature_[rsa,ecdsa,...] */ uint8_t sig; /* TLSEXT_signature_[rsa,ecdsa,...] */
uint16_t bits; /* key size in bits */ uint16_t bits; /* key size in bits */
@ -134,8 +141,6 @@ struct sni_ctx {
struct ebmb_node name; /* node holding the servername value */ struct ebmb_node name; /* node holding the servername value */
}; };
extern struct list tlskeys_reference;
struct tls_sess_key_128 { struct tls_sess_key_128 {
unsigned char name[16]; unsigned char name[16];
unsigned char aes_key[16]; unsigned char aes_key[16];
@ -171,14 +176,6 @@ struct sh_ssl_sess_hdr {
unsigned char key_data[SSL_MAX_SSL_SESSION_ID_LENGTH]; unsigned char key_data[SSL_MAX_SSL_SESSION_ID_LENGTH];
}; };
/* states of the CLI IO handler for 'set ssl cert' */
enum {
SETCERT_ST_INIT = 0,
SETCERT_ST_GEN,
SETCERT_ST_INSERT,
SETCERT_ST_FIN,
};
#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES)) #define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
@ -287,4 +284,4 @@ extern const char *SSL_SOCK_KEYTYPE_NAMES[];
#endif #endif
#endif /* USE_OPENSSL */ #endif /* USE_OPENSSL */
#endif /* _TYPES_SSL_SOCK_H */ #endif /* _HAPROXY_SSL_SOCK_T_H */

37
include/proto/ssl_sock.h → include/haproxy/ssl_sock.h
View File

@ -1,5 +1,5 @@
/* /*
* include/proto/ssl_sock.h * include/haproxy/ssl_sock.h
* This file contains definition for ssl stream socket operations * This file contains definition for ssl stream socket operations
* *
* Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr> * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
@ -19,18 +19,20 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ */
#ifndef _PROTO_SSL_SOCK_H #ifndef _HAPROXY_SSL_SOCK_H
#define _PROTO_SSL_SOCK_H #define _HAPROXY_SSL_SOCK_H
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
#include <haproxy/connection.h> #include <haproxy/connection.h>
#include <haproxy/openssl-compat.h> #include <haproxy/openssl-compat.h>
#include <haproxy/ssl_sock-t.h>
#include <haproxy/pool-t.h>
#include <haproxy/thread.h>
#include <types/proxy.h> #include <types/proxy.h>
#include <types/ssl_sock.h>
#include <types/stream_interface.h>
extern struct list tlskeys_reference;
extern int sslconns; extern int sslconns;
extern int totalsslconns; extern int totalsslconns;
extern struct eb_root ckchs_tree; extern struct eb_root ckchs_tree;
@ -46,16 +48,6 @@ extern int nb_engines;
extern struct xprt_ops ssl_sock; extern struct xprt_ops ssl_sock;
extern int ssl_capture_ptr_index; extern int ssl_capture_ptr_index;
/* boolean, returns true if connection is over SSL */
static inline
int ssl_sock_is_ssl(struct connection *conn)
{
if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx)
return 0;
else
return 1;
}
int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *, SSL_CTX *ctx, char **err); int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *, SSL_CTX *ctx, char **err);
int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf); int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf);
int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf); int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf);
@ -129,8 +121,19 @@ int ssl_sock_register_msg_callback(ssl_sock_msg_callback_func func);
SSL *ssl_sock_get_ssl_object(struct connection *conn); SSL *ssl_sock_get_ssl_object(struct connection *conn);
/* boolean, returns true if connection is over SSL */
static inline
int ssl_sock_is_ssl(struct connection *conn)
{
if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx)
return 0;
else
return 1;
}
#endif /* USE_OPENSSL */ #endif /* USE_OPENSSL */
#endif /* _PROTO_SSL_SOCK_H */ #endif /* _HAPROXY_SSL_SOCK_H */
/* /*
* Local variables: * Local variables:

2
include/types/server.h
View File

@ -32,6 +32,7 @@
#include <haproxy/list-t.h> #include <haproxy/list-t.h>
#include <haproxy/listener-t.h> #include <haproxy/listener-t.h>
#include <haproxy/obj_type-t.h> #include <haproxy/obj_type-t.h>
#include <haproxy/ssl_sock-t.h>
#include <haproxy/thread.h> #include <haproxy/thread.h>
#include <haproxy/openssl-compat.h> #include <haproxy/openssl-compat.h>
@ -40,7 +41,6 @@
#include <haproxy/connection-t.h> #include <haproxy/connection-t.h>
#include <haproxy/freq_ctr-t.h> #include <haproxy/freq_ctr-t.h>
#include <types/queue.h> #include <types/queue.h>
#include <types/ssl_sock.h>
#include <haproxy/task-t.h> #include <haproxy/task-t.h>

2
src/backend.c
View File

@ -35,6 +35,7 @@
#include <haproxy/obj_type.h> #include <haproxy/obj_type.h>
#include <haproxy/payload.h> #include <haproxy/payload.h>
#include <haproxy/session.h> #include <haproxy/session.h>
#include <haproxy/ssl_sock.h>
#include <haproxy/task.h> #include <haproxy/task.h>
#include <haproxy/ticks.h> #include <haproxy/ticks.h>
#include <haproxy/time.h> #include <haproxy/time.h>
@ -55,7 +56,6 @@
#include <proto/server.h> #include <proto/server.h>
#include <proto/stream.h> #include <proto/stream.h>
#include <proto/stream_interface.h> #include <proto/stream_interface.h>
#include <proto/ssl_sock.h>
#define TRACE_SOURCE &trace_strm #define TRACE_SOURCE &trace_strm

5
src/cfgparse-ssl.c
View File

@ -36,10 +36,7 @@
#include <common/cfgparse.h> #include <common/cfgparse.h>
#include <haproxy/listener.h> #include <haproxy/listener.h>
#include <haproxy/openssl-compat.h> #include <haproxy/openssl-compat.h>
#include <haproxy/ssl_sock.h>
#include <types/ssl_sock.h>
#include <proto/ssl_sock.h>
/****************** Global Section Parsing ********************************************/ /****************** Global Section Parsing ********************************************/

2
src/check.c
View File

@ -47,6 +47,7 @@
#include <haproxy/h1.h> #include <haproxy/h1.h>
#include <haproxy/htx.h> #include <haproxy/htx.h>
#include <haproxy/signal.h> #include <haproxy/signal.h>
#include <haproxy/ssl_sock.h>
#include <haproxy/stats-t.h> #include <haproxy/stats-t.h>
#include <haproxy/task.h> #include <haproxy/task.h>
#include <haproxy/vars.h> #include <haproxy/vars.h>
@ -66,7 +67,6 @@
#include <proto/stream_interface.h> #include <proto/stream_interface.h>
#include <proto/log.h> #include <proto/log.h>
#include <haproxy/proto_udp.h> #include <haproxy/proto_udp.h>
#include <proto/ssl_sock.h>
#include <haproxy/sample.h> #include <haproxy/sample.h>
static int tcpcheck_get_step_id(struct check *, struct tcpcheck_rule *); static int tcpcheck_get_step_id(struct check *, struct tcpcheck_rule *);

2
src/connection.c
View File

@ -24,7 +24,7 @@
#include <haproxy/proto_tcp.h> #include <haproxy/proto_tcp.h>
#include <proto/stream_interface.h> #include <proto/stream_interface.h>
#include <haproxy/sample.h> #include <haproxy/sample.h>
#include <proto/ssl_sock.h> #include <haproxy/ssl_sock.h>
DECLARE_POOL(pool_head_connection, "connection", sizeof(struct connection)); DECLARE_POOL(pool_head_connection, "connection", sizeof(struct connection));

2
src/haproxy.c
View File

@ -106,6 +106,7 @@
#include <haproxy/regex.h> #include <haproxy/regex.h>
#include <haproxy/session.h> #include <haproxy/session.h>
#include <haproxy/signal.h> #include <haproxy/signal.h>
#include <haproxy/ssl_sock.h>
#include <haproxy/tools.h> #include <haproxy/tools.h>
#include <haproxy/time.h> #include <haproxy/time.h>
#include <haproxy/uri_auth-t.h> #include <haproxy/uri_auth-t.h>
@ -131,7 +132,6 @@
#include <proto/queue.h> #include <proto/queue.h>
#include <proto/server.h> #include <proto/server.h>
#include <proto/stream.h> #include <proto/stream.h>
#include <proto/ssl_sock.h>
/* array of init calls for older platforms */ /* array of init calls for older platforms */
DECLARE_INIT_STAGES; DECLARE_INIT_STAGES;

2
src/log.c
View File

@ -29,6 +29,7 @@
#include <haproxy/cli.h> #include <haproxy/cli.h>
#include <haproxy/frontend.h> #include <haproxy/frontend.h>
#include <haproxy/http.h> #include <haproxy/http.h>
#include <haproxy/ssl_sock.h>
#include <haproxy/tools.h> #include <haproxy/tools.h>
#include <haproxy/time.h> #include <haproxy/time.h>
#include <haproxy/version.h> #include <haproxy/version.h>
@ -41,7 +42,6 @@
#include <haproxy/ring.h> #include <haproxy/ring.h>
#include <haproxy/sample.h> #include <haproxy/sample.h>
#include <haproxy/sink.h> #include <haproxy/sink.h>
#include <proto/ssl_sock.h>
#include <proto/stream.h> #include <proto/stream.h>
#include <proto/stream_interface.h> #include <proto/stream_interface.h>

2
src/mux_fcgi.c
View File

@ -23,12 +23,12 @@
#include <haproxy/net_helper.h> #include <haproxy/net_helper.h>
#include <haproxy/regex.h> #include <haproxy/regex.h>
#include <haproxy/session-t.h> #include <haproxy/session-t.h>
#include <haproxy/ssl_sock.h>
#include <types/proxy.h> #include <types/proxy.h>
#include <proto/fcgi-app.h> #include <proto/fcgi-app.h>
#include <proto/log.h> #include <proto/log.h>
#include <proto/ssl_sock.h>
#include <proto/stream.h> #include <proto/stream.h>
#include <proto/stream_interface.h> #include <proto/stream_interface.h>
#include <haproxy/trace.h> #include <haproxy/trace.h>

4
src/ssl_ckch.c
View File

@ -25,15 +25,13 @@
#include <haproxy/cli.h> #include <haproxy/cli.h>
#include <haproxy/errors.h> #include <haproxy/errors.h>
#include <haproxy/ssl_ckch.h> #include <haproxy/ssl_ckch.h>
#include <haproxy/ssl_sock.h>
#include <haproxy/ssl_utils.h> #include <haproxy/ssl_utils.h>
#include <haproxy/tools.h> #include <haproxy/tools.h>
#include <import/ebsttree.h> #include <import/ebsttree.h>
#include <types/ssl_sock.h>
#include <proto/channel.h> #include <proto/channel.h>
#include <proto/ssl_sock.h>
#include <proto/stream_interface.h> #include <proto/stream_interface.h>
/* Uncommitted CKCH transaction */ /* Uncommitted CKCH transaction */

4
src/ssl_crtlist.c
View File

@ -19,17 +19,15 @@
#include <haproxy/errors.h> #include <haproxy/errors.h>
#include <haproxy/ssl_ckch.h> #include <haproxy/ssl_ckch.h>
#include <haproxy/ssl_crtlist.h> #include <haproxy/ssl_crtlist.h>
#include <haproxy/ssl_sock.h>
#include <haproxy/tools.h> #include <haproxy/tools.h>
#include <dirent.h> #include <dirent.h>
#include <import/ebpttree.h> #include <import/ebpttree.h>
#include <import/ebsttree.h> #include <import/ebsttree.h>
#include <types/ssl_sock.h>
#include <proto/channel.h> #include <proto/channel.h>
#include <proto/stream_interface.h> #include <proto/stream_interface.h>
#include <proto/ssl_sock.h>
/* release ssl bind conf */ /* release ssl bind conf */
void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf) void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)

4
src/ssl_sample.c
View File

@ -26,13 +26,11 @@
#include <haproxy/obj_type.h> #include <haproxy/obj_type.h>
#include <haproxy/openssl-compat.h> #include <haproxy/openssl-compat.h>
#include <haproxy/sample.h> #include <haproxy/sample.h>
#include <haproxy/ssl_sock.h>
#include <haproxy/ssl_utils.h> #include <haproxy/ssl_utils.h>
#include <haproxy/tools.h> #include <haproxy/tools.h>
#include <types/ssl_sock.h>
#include <haproxy/arg.h> #include <haproxy/arg.h>
#include <proto/ssl_sock.h>
/***** Below are some sample fetching functions for ACL/patterns *****/ /***** Below are some sample fetching functions for ACL/patterns *****/

4
src/ssl_sock.c
View File

@ -57,6 +57,7 @@
#include <haproxy/shctx.h> #include <haproxy/shctx.h>
#include <haproxy/ssl_ckch.h> #include <haproxy/ssl_ckch.h>
#include <haproxy/ssl_crtlist.h> #include <haproxy/ssl_crtlist.h>
#include <haproxy/ssl_sock.h>
#include <haproxy/ssl_utils.h> #include <haproxy/ssl_utils.h>
#include <haproxy/stats-t.h> #include <haproxy/stats-t.h>
#include <haproxy/task.h> #include <haproxy/task.h>
@ -69,8 +70,6 @@
#include <import/ebpttree.h> #include <import/ebpttree.h>
#include <import/ebsttree.h> #include <import/ebsttree.h>
#include <types/ssl_sock.h>
#include <haproxy/arg.h> #include <haproxy/arg.h>
#include <proto/channel.h> #include <proto/channel.h>
#include <haproxy/fd.h> #include <haproxy/fd.h>
@ -81,7 +80,6 @@
#include <proto/stream_interface.h> #include <proto/stream_interface.h>
#include <proto/log.h> #include <proto/log.h>
#include <proto/proxy.h> #include <proto/proxy.h>
#include <proto/ssl_sock.h>
#include <proto/stream.h> #include <proto/stream.h>
/* ***** READ THIS before adding code here! ***** /* ***** READ THIS before adding code here! *****

5
src/ssl_utils.c
View File

@ -15,10 +15,7 @@
#include <haproxy/api.h> #include <haproxy/api.h>
#include <haproxy/buf-t.h> #include <haproxy/buf-t.h>
#include <haproxy/openssl-compat.h> #include <haproxy/openssl-compat.h>
#include <haproxy/ssl_sock.h>
#include <proto/ssl_sock.h>
#include <types/ssl_sock.h>
/* fill a buffer with the algorithm and size of a public key */ /* fill a buffer with the algorithm and size of a public key */
int cert_get_pkey_algo(X509 *crt, struct buffer *out) int cert_get_pkey_algo(X509 *crt, struct buffer *out)

2
src/stats.c
View File

@ -43,6 +43,7 @@
#include <haproxy/map-t.h> #include <haproxy/map-t.h>
#include <haproxy/pattern-t.h> #include <haproxy/pattern-t.h>
#include <haproxy/session.h> #include <haproxy/session.h>
#include <haproxy/ssl_sock.h>
#include <haproxy/stats.h> #include <haproxy/stats.h>
#include <haproxy/task.h> #include <haproxy/task.h>
#include <haproxy/tools.h> #include <haproxy/tools.h>
@ -59,7 +60,6 @@
#include <proto/log.h> #include <proto/log.h>
#include <haproxy/pipe.h> #include <haproxy/pipe.h>
#include <proto/proxy.h> #include <proto/proxy.h>
#include <proto/ssl_sock.h>
#include <proto/stream.h> #include <proto/stream.h>
#include <proto/server.h> #include <proto/server.h>
#include <proto/stream_interface.h> #include <proto/stream_interface.h>

2
src/tools.c
View File

@ -46,10 +46,10 @@
#include <haproxy/hlua.h> #include <haproxy/hlua.h>
#include <haproxy/listener.h> #include <haproxy/listener.h>
#include <haproxy/namespace.h> #include <haproxy/namespace.h>
#include <haproxy/ssl_sock.h>
#include <haproxy/task.h> #include <haproxy/task.h>
#include <haproxy/tools.h> #include <haproxy/tools.h>
#include <haproxy/proto_udp.h> #include <haproxy/proto_udp.h>
#include <proto/ssl_sock.h>
#include <proto/stream_interface.h> #include <proto/stream_interface.h>
/* This macro returns false if the test __x is false. Many /* This macro returns false if the test __x is false. Many