MINOR: ssl: split parse functions for alpn/check-alpn

This will be in preparation for support of ssl on dynamic servers. The 'alpn' keyword will be allowed for dynamic servers but not the 'check-alpn'. The alpn parsing is extracted into a new function parse_alpn. Each srv_parse_alpn and srv_parse_check_alpn called it.
2025-09-22 14:21:25 +02:00 · 2021-05-21 16:45:10 +02:00 · 2021-05-21 16:45:10 +02:00 · 7addf56b72
commit 7addf56b72
parent 36aa451a4e
1 changed files with 28 additions and 16 deletions
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@ -1308,25 +1308,37 @@ static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct ser
 #endif
 }

-/* parse the "alpn" or the "check-alpn" server keyword */
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+static int parse_alpn(char *alpn, char **out_alpn_str, int *out_alpn_len, char **err)
+{
+	free(*out_alpn_str);
+	return ssl_sock_parse_alpn(alpn, out_alpn_str, out_alpn_len, err);
+}
+#endif
+
+/* parse the "alpn" server keyword */
 static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
 {
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
-	char **alpn_str;
-	int *alpn_len;
-	int ret;
-
-	if (*args[*cur_arg] == 'c') {
-		alpn_str = &newsrv->check.alpn_str;
-		alpn_len = &newsrv->check.alpn_len;
-	} else {
-		alpn_str = &newsrv->ssl_ctx.alpn_str;
-		alpn_len = &newsrv->ssl_ctx.alpn_len;
-
+	int ret = parse_alpn(args[*cur_arg + 1],
+	                     &newsrv->ssl_ctx.alpn_str,
+	                     &newsrv->ssl_ctx.alpn_len, err);
+	if (ret)
+		memprintf(err, "'%s' : %s", args[*cur_arg], *err);
+	return ret;
+#else
+	memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
+	return ERR_ALERT | ERR_FATAL;
+#endif
 }

-	free(*alpn_str);
-	ret = ssl_sock_parse_alpn(args[*cur_arg + 1], alpn_str, alpn_len, err);
+/* parse the "check-alpn" server keyword */
+static int srv_parse_check_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
+{
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+	int ret = parse_alpn(args[*cur_arg + 1],
+	                     &newsrv->check.alpn_str,
+	                     &newsrv->check.alpn_len, err);
 	if (ret)
 		memprintf(err, "'%s' : %s", args[*cur_arg], *err);
 	return ret;
@ -1864,7 +1876,7 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
 	{ "allow-0rtt",              srv_parse_allow_0rtt,         0, 1, 0 }, /* Allow using early data on this server */
 	{ "alpn",                    srv_parse_alpn,               1, 1, 0 }, /* Set ALPN supported protocols */
 	{ "ca-file",                 srv_parse_ca_file,            1, 1, 0 }, /* set CAfile to process verify server cert */
-	{ "check-alpn",              srv_parse_alpn,               1, 1, 0 }, /* Set ALPN used for checks */
+	{ "check-alpn",              srv_parse_check_alpn,         1, 1, 0 }, /* Set ALPN used for checks */
 	{ "check-sni",               srv_parse_check_sni,          1, 1, 0 }, /* set SNI */
 	{ "check-ssl",               srv_parse_check_ssl,          0, 1, 0 }, /* enable SSL for health checks */
 	{ "ciphers",                 srv_parse_ciphers,            1, 1, 0 }, /* select the cipher suite */