mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 14:21:25 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: ssl: split parse functions for alpn/check-alpn

Browse Source 
This will be in preparation for support of ssl on dynamic servers. The
'alpn' keyword will be allowed for dynamic servers but not the
'check-alpn'.

The alpn parsing is extracted into a new function parse_alpn. Each
srv_parse_alpn and srv_parse_check_alpn called it.
This commit is contained in:
Amaury Denoyelle 2021-05-21 16:45:10 +02:00
parent 36aa451a4e
commit 7addf56b72
1 changed files with 28 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
src/cfgparse-ssl.c
View File

@ -1308,25 +1308,37 @@ static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct ser
#endif #endif
} }
/* parse the "alpn" or the "check-alpn" server keyword */ #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
static int parse_alpn(char *alpn, char **out_alpn_str, int *out_alpn_len, char **err)
{
free(*out_alpn_str);
return ssl_sock_parse_alpn(alpn, out_alpn_str, out_alpn_len, err);
}
#endif
/* parse the "alpn" server keyword */
static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err) static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
{ {
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
char **alpn_str; int ret = parse_alpn(args[*cur_arg + 1],
int *alpn_len; &newsrv->ssl_ctx.alpn_str,
int ret; &newsrv->ssl_ctx.alpn_len, err);
if (ret)
memprintf(err, "'%s' : %s", args[*cur_arg], *err);
return ret;
#else
memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
return ERR_ALERT | ERR_FATAL;
#endif
}
if (*args[*cur_arg] == 'c') { /* parse the "check-alpn" server keyword */
alpn_str = &newsrv->check.alpn_str; static int srv_parse_check_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
alpn_len = &newsrv->check.alpn_len; {
} else { #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
alpn_str = &newsrv->ssl_ctx.alpn_str; int ret = parse_alpn(args[*cur_arg + 1],
alpn_len = &newsrv->ssl_ctx.alpn_len; &newsrv->check.alpn_str,
&newsrv->check.alpn_len, err);
}
free(*alpn_str);
ret = ssl_sock_parse_alpn(args[*cur_arg + 1], alpn_str, alpn_len, err);
if (ret) if (ret)
memprintf(err, "'%s' : %s", args[*cur_arg], *err); memprintf(err, "'%s' : %s", args[*cur_arg], *err);
return ret; return ret;
@ -1864,7 +1876,7 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
{ "allow-0rtt", srv_parse_allow_0rtt, 0, 1, 0 }, /* Allow using early data on this server */ { "allow-0rtt", srv_parse_allow_0rtt, 0, 1, 0 }, /* Allow using early data on this server */
{ "alpn", srv_parse_alpn, 1, 1, 0 }, /* Set ALPN supported protocols */ { "alpn", srv_parse_alpn, 1, 1, 0 }, /* Set ALPN supported protocols */
{ "ca-file", srv_parse_ca_file, 1, 1, 0 }, /* set CAfile to process verify server cert */ { "ca-file", srv_parse_ca_file, 1, 1, 0 }, /* set CAfile to process verify server cert */
{ "check-alpn", srv_parse_alpn, 1, 1, 0 }, /* Set ALPN used for checks */ { "check-alpn", srv_parse_check_alpn, 1, 1, 0 }, /* Set ALPN used for checks */
{ "check-sni", srv_parse_check_sni, 1, 1, 0 }, /* set SNI */ { "check-sni", srv_parse_check_sni, 1, 1, 0 }, /* set SNI */
{ "check-ssl", srv_parse_check_ssl, 0, 1, 0 }, /* enable SSL for health checks */ { "check-ssl", srv_parse_check_ssl, 0, 1, 0 }, /* enable SSL for health checks */
{ "ciphers", srv_parse_ciphers, 1, 1, 0 }, /* select the cipher suite */ { "ciphers", srv_parse_ciphers, 1, 1, 0 }, /* select the cipher suite */