mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 14:21:25 +02:00
Code Issues Projects Releases Wiki Activity

CLEANUP: servers: do not include openssl-compat

Browse Source 
This is exactly the same as for listeners, servers only include
openssl-compat to provide the SSL_CTX type to use as two pointers to
contexts, and to detect if NPN, ALPN, and cipher suites are supported,
and save up to 5 pointers in the ssl_ctx struct if not supported. This
is pointless, as these ones have all been supported for about a decade,
and including this file comes with a long dependency chain that impacts
lots of other files. The ctx was made a void*.

Now the build time was significantly reduced, from 9.2 to 8.1 seconds,
thanks to opensslconf.h being included "only" 456 times instead of 2424
previously!

The total number of lines of code compiled was reduced by 15%.
This commit is contained in:
Willy Tarreau 2021-10-06 11:23:32 +02:00
parent b0d8194684
commit 340ef2502e
1 changed files with 1 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
include/haproxy/server-t.h
View File

@ -35,10 +35,8 @@
#include <haproxy/freq_ctr-t.h>
#include <haproxy/listener-t.h>
#include <haproxy/obj_type-t.h>
#include <haproxy/openssl-compat.h>
#include <haproxy/queue-t.h>
#include <haproxy/resolvers-t.h>
#include <haproxy/ssl_sock-t.h>
#include <haproxy/stats-t.h>
#include <haproxy/task-t.h>
#include <haproxy/thread-t.h>
@ -330,7 +328,7 @@ struct server {
char *sni_expr; /* Temporary variable to store a sample expression for SNI */
struct {
SSL_CTX *ctx;
void *ctx;
struct {
unsigned char *ptr;
int size;
@ -341,9 +339,7 @@ struct server {
__decl_thread(HA_RWLOCK_T lock); /* lock the cache and SSL_CTX during commit operations */
char *ciphers; /* cipher suite to use if non-null */
#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
char *ciphersuites; /* TLS 1.3 cipher suite to use if non-null */
#endif
int options; /* ssl options */
int verify; /* verify method (set of SSL_VERIFY_* flags) */
struct tls_version_filter methods; /* ssl methods */
@ -351,14 +347,10 @@ struct server {
char *ca_file; /* CAfile to use on verify */
char *crl_file; /* CRLfile to use on verify */
struct sample_expr *sni; /* sample expression for SNI */
#ifdef OPENSSL_NPN_NEGOTIATED
char *npn_str; /* NPN protocol string */
int npn_len; /* NPN protocol string length */
#endif
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
char *alpn_str; /* ALPN protocol string */
int alpn_len; /* ALPN protocol string length */
#endif
} ssl_ctx;
#ifdef USE_QUIC
struct quic_transport_params quic_params; /* QUIC transport parameters */