mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-29 23:01:03 +01:00
Code Issues Projects Releases Wiki Activity

CLEANUP: ssl/cli: remove test on 'multi' variable in CLI functions

Browse Source 
The multi variable is not useful anymore since the removal of the
multi-certificates bundle support. It can be removed safely from the CLI
functions and suppose that every ckch contains a single certificate.
This commit is contained in:
William Lallemand 2020-09-16 16:12:25 +02:00 committed by William Lallemand
parent bd8e6eda59
commit 5685ccf75e
1 changed files with 101 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
src/ssl_ckch.c
View File

@ -921,20 +921,7 @@ static int cli_io_handler_show_cert(struct appctx *appctx)
if (ckchs_transaction.old_ckchs) { if (ckchs_transaction.old_ckchs) {
ckchs = ckchs_transaction.old_ckchs; ckchs = ckchs_transaction.old_ckchs;
chunk_appendf(trash, "# transaction\n"); chunk_appendf(trash, "# transaction\n");
if (!ckchs->multi) {
chunk_appendf(trash, "*%s\n", ckchs->path); chunk_appendf(trash, "*%s\n", ckchs->path);
#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
} else {
int n;
chunk_appendf(trash, "*%s:", ckchs->path);
for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
if (ckchs->ckch[n].cert)
chunk_appendf(trash, " %s.%s\n", ckchs->path, SSL_SOCK_KEYTYPE_NAMES[n]);
}
chunk_appendf(trash, "\n");
#endif
}
} }
} }
@ -946,20 +933,7 @@ static int cli_io_handler_show_cert(struct appctx *appctx)
} }
while (node) { while (node) {
ckchs = ebmb_entry(node, struct ckch_store, node); ckchs = ebmb_entry(node, struct ckch_store, node);
if (!ckchs->multi) {
chunk_appendf(trash, "%s\n", ckchs->path); chunk_appendf(trash, "%s\n", ckchs->path);
#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
} else {
int n;
chunk_appendf(trash, "%s:", ckchs->path);
for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
if (ckchs->ckch[n].cert)
chunk_appendf(trash, " %s.%s", ckchs->path, SSL_SOCK_KEYTYPE_NAMES[n]);
}
chunk_appendf(trash, "\n");
#endif
}
node = ebmb_next(node); node = ebmb_next(node);
if (ci_putchk(si_ic(si), trash) == -1) { if (ci_putchk(si_ic(si), trash) == -1) {
@ -1028,7 +1002,6 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx)
if (!tmp || !out) if (!tmp || !out)
goto end_no_putchk; goto end_no_putchk;
if (!ckchs->multi) {
chunk_appendf(out, "Filename: "); chunk_appendf(out, "Filename: ");
if (ckchs == ckchs_transaction.new_ckchs) if (ckchs == ckchs_transaction.new_ckchs)
chunk_appendf(out, "*"); chunk_appendf(out, "*");
@ -1143,7 +1116,6 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx)
*(tmp->area + tmp->data) = '\0'; *(tmp->area + tmp->data) = '\0';
chunk_appendf(out, "%s\n", tmp->area); chunk_appendf(out, "%s\n", tmp->area);
} }
}
end: end:
if (ci_putchk(si_ic(si), out) == -1) { if (ci_putchk(si_ic(si), out) == -1) {
@ -1193,9 +1165,6 @@ static int cli_parse_show_cert(char **args, char *payload, struct appctx *appctx
} }
if (ckchs->multi)
goto error;
appctx->ctx.cli.p0 = ckchs; appctx->ctx.cli.p0 = ckchs;
/* use the IO handler that shows details */ /* use the IO handler that shows details */
appctx->io_handler = cli_io_handler_show_cert_detail; appctx->io_handler = cli_io_handler_show_cert_detail;
@ -1430,25 +1399,6 @@ static int cli_parse_commit_cert(char **args, char *payload, struct appctx *appc
goto error; goto error;
} }
#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
if (ckchs_transaction.new_ckchs->multi) {
int n;
for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
/* if a certificate is here, a private key must be here too */
if (ckchs_transaction.new_ckchs->ckch[n].cert && !ckchs_transaction.new_ckchs->ckch[n].key) {
memprintf(&err, "The transaction must contain at least a certificate and a private key!\n");
goto error;
}
if (ckchs_transaction.new_ckchs->ckch[n].cert && !X509_check_private_key(ckchs_transaction.new_ckchs->ckch[n].cert, ckchs_transaction.new_ckchs->ckch[n].key)) {
memprintf(&err, "inconsistencies between private key and certificate loaded '%s'.\n", ckchs_transaction.path);
goto error;
}
}
} else
#endif
{
/* if a certificate is here, a private key must be here too */ /* if a certificate is here, a private key must be here too */
if (ckchs_transaction.new_ckchs->ckch->cert && !ckchs_transaction.new_ckchs->ckch->key) { if (ckchs_transaction.new_ckchs->ckch->cert && !ckchs_transaction.new_ckchs->ckch->key) {
memprintf(&err, "The transaction must contain at least a certificate and a private key!\n"); memprintf(&err, "The transaction must contain at least a certificate and a private key!\n");
@ -1459,7 +1409,6 @@ static int cli_parse_commit_cert(char **args, char *payload, struct appctx *appc
memprintf(&err, "inconsistencies between private key and certificate loaded '%s'.\n", ckchs_transaction.path); memprintf(&err, "inconsistencies between private key and certificate loaded '%s'.\n", ckchs_transaction.path);
goto error; goto error;
} }
}
/* init the appctx structure */ /* init the appctx structure */
appctx->st2 = SETCERT_ST_INIT; appctx->st2 = SETCERT_ST_INIT;