MINOR: acme: add configuration for the crt-store

Add new acme keywords for the ckch_conf parsing, which will be used on a
crt-store, a crt line in a frontend, or even a crt-list.

The cfg_postparser_acme() is called in order to check if a section referenced
elsewhere really exists in the config file.

include/haproxy/acme.h

@@ -0,0 +1,9 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#ifndef _ACME_H_
+#define _ACME_H_
+
+#include <haproxy/ssl_ckch-t.h>
+
+int ckch_conf_acme_init(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err);
+
+#endif

include/haproxy/ssl_ckch-t.h

@@ -67,6 +67,10 @@ struct ckch_conf {
 	char *issuer;
 	char *sctl;
 	int ocsp_update_mode;
+	struct {
+		char *id;
+		char **domains;
+	} acme;
 };
 
 /*

src/acme.c

@@ -66,6 +66,35 @@ struct acme_cfg *new_acme_cfg(const char *name)
 	return ret;
 }
 
+/*
+ * ckch_conf acme parser
+ */
+int ckch_conf_acme_init(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err)
+{
+	int err_code = 0;
+	struct acme_cfg *cfg;
+
+	cfg = new_acme_cfg(value);
+	if (!cfg) {
+		memprintf(err, "out of memory.\n");
+		err_code |= ERR_FATAL| ERR_ALERT;
+		goto error;
+	}
+
+	if (cfg->linenum == 0) {
+		cfg->filename = strdup(filename);
+                /* store the linenum as a negative value because is the one of
+                 * the crt-store, not the one of the section. It will be replace
+                 * by the one of the section once initialized
+                 */
+                cfg->linenum = -linenum;
+	}
+
+error:
+	return err_code;
+}
+
+
 /* acme section parser
  * Fill the acme_cfgs linked list
  */
@@ -312,6 +341,30 @@ static int cfg_postsection_acme()
 	return err_code;
 }
 
+/* postparser function checks if the ACME section was declared */
+static int cfg_postparser_acme()
+{
+	struct acme_cfg *tmp_acme = acme_cfgs;
+	int ret = 0;
+
+        /* first check if the ID was already used */
+	while (tmp_acme) {
+		/* if the linenum is not > 0, it means the acme keyword was used without declaring a section, and the
+		 * linenum of the crt-store is stored negatively */
+		if (tmp_acme->linenum <= 0) {
+			ret++;
+			ha_alert("acme '%s' was used on a crt line [%s:%d], but no '%s' section exists!\n",
+			         tmp_acme->name, tmp_acme->filename, -tmp_acme->linenum, tmp_acme->name);
+		}
+		tmp_acme = tmp_acme->next;
+	}
+
+
+	return ret;
+}
+
+REGISTER_CONFIG_POSTPARSER("acme", cfg_postparser_acme);
+
 void deinit_acme()
 {
 	struct acme_cfg *next = NULL;

src/ssl_ckch.c

@@ -26,6 +26,7 @@
 #include <import/ebpttree.h>
 #include <import/ebsttree.h>
 
+#include <haproxy/acme.h>
 #include <haproxy/applet.h>
 #include <haproxy/base64.h>
 #include <haproxy/cfgparse.h>
@@ -4555,6 +4556,8 @@ struct ckch_conf_kws ckch_conf_kws[] = {
 #if defined(HAVE_SSL_OCSP)
 	{ "ocsp-update",  offsetof(struct ckch_conf, ocsp_update_mode), PARSE_TYPE_ONOFF, ocsp_update_init,               },
 #endif
+	{ "acme",         offsetof(struct ckch_conf, acme.id),          PARSE_TYPE_STR,   ckch_conf_acme_init,            },
+	{ "domains",      offsetof(struct ckch_conf, acme.domains),     PARSE_TYPE_ARRAY_SUBSTR,   NULL,            },
 	{ NULL,          -1,                                            PARSE_TYPE_STR,   NULL,                           }
 };