mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2026-05-04 12:41:00 +02:00
CLEANUP: ssl/cli: use a local context for "show ssl cert"
This command only really uses old_ckchs, cur_ckchs and the index in which the transaction was stored. The new structure "show_cert_ctx" only has these 3 fields, and the now unused "cur_ckchs" and "index" could be removed from the shared ssl context.
parent
f3e8b3e877
commit
96c9a6c752
@ -143,7 +143,6 @@ struct appctx {
|
||||
struct ckch_store *old_ckchs;
|
||||
struct ckch_store *new_ckchs;
|
||||
struct ckch_inst *next_ckchi;
|
||||
struct ckch_store *cur_ckchs;
|
||||
|
||||
struct ckch_inst_link *next_ckchi_link;
|
||||
struct cafile_entry *old_cafile_entry;
|
||||
@ -152,7 +151,6 @@ struct appctx {
|
||||
struct cafile_entry *old_crlfile_entry;
|
||||
struct cafile_entry *new_crlfile_entry;
|
||||
int cafile_type; /* either CA or CRL, depending on the current command */
|
||||
int index;
|
||||
} ssl;
|
||||
struct {
|
||||
void *ptr;
|
||||
|
||||
@ -77,6 +77,14 @@ struct show_crlfile_ctx {
|
||||
int index;
|
||||
};
|
||||
|
||||
/* CLI context used by "show cert" */
|
||||
struct show_cert_ctx {
|
||||
struct ckch_store *old_ckchs;
|
||||
struct ckch_store *cur_ckchs;
|
||||
int transaction;
|
||||
};
|
||||
|
||||
|
||||
|
||||
/******************** cert_key_and_chain functions *************************
|
||||
* These are the functions that fills a cert_key_and_chain structure. For the
|
||||
@ -1247,10 +1255,11 @@ static void cli_release_show_cert(struct appctx *appctx)
|
||||
}
|
||||
|
||||
/* IO handler of "show ssl cert <filename>".
|
||||
* It makes use of ctx.ssl.cur_ckchs, ctx.ssl.old_ckchs.
|
||||
* It makes use of a show_cert_ctx context, and ckchs_transaction in read-only.
|
||||
*/
|
||||
static int cli_io_handler_show_cert(struct appctx *appctx)
|
||||
{
|
||||
struct show_cert_ctx *ctx = appctx->svcctx;
|
||||
struct buffer *trash = alloc_trash_chunk();
|
||||
struct ebmb_node *node;
|
||||
struct conn_stream *cs = appctx->owner;
|
||||
@ -1259,7 +1268,7 @@ static int cli_io_handler_show_cert(struct appctx *appctx)
|
||||
if (trash == NULL)
|
||||
return 1;
|
||||
|
||||
if (!appctx->ctx.ssl.old_ckchs) {
|
||||
if (!ctx->old_ckchs) {
|
||||
if (ckchs_transaction.old_ckchs) {
|
||||
ckchs = ckchs_transaction.old_ckchs;
|
||||
chunk_appendf(trash, "# transaction\n");
|
||||
@ -1267,11 +1276,11 @@ static int cli_io_handler_show_cert(struct appctx *appctx)
|
||||
}
|
||||
}
|
||||
|
||||
if (!appctx->ctx.ssl.cur_ckchs) {
|
||||
if (!ctx->cur_ckchs) {
|
||||
chunk_appendf(trash, "# filename\n");
|
||||
node = ebmb_first(&ckchs_tree);
|
||||
} else {
|
||||
node = &((struct ckch_store *)appctx->ctx.ssl.cur_ckchs)->node;
|
||||
node = &ctx->cur_ckchs->node;
|
||||
}
|
||||
while (node) {
|
||||
ckchs = ebmb_entry(node, struct ckch_store, node);
|
||||
@ -1284,13 +1293,13 @@ static int cli_io_handler_show_cert(struct appctx *appctx)
|
||||
}
|
||||
}
|
||||
|
||||
appctx->ctx.ssl.cur_ckchs = NULL;
|
||||
ctx->cur_ckchs = NULL;
|
||||
free_trash_chunk(trash);
|
||||
return 1;
|
||||
yield:
|
||||
|
||||
free_trash_chunk(trash);
|
||||
appctx->ctx.ssl.cur_ckchs = ckchs;
|
||||
ctx->cur_ckchs = ckchs;
|
||||
return 0; /* should come back */
|
||||
}
|
||||
|
||||
@ -1650,12 +1659,13 @@ static int ckch_store_show_ocsp_certid(struct ckch_store *ckch_store, struct buf
|
||||
|
||||
|
||||
/* IO handler of the details "show ssl cert <filename>".
|
||||
* It uses ctx.ssl.cur_ckchs.
|
||||
* It uses a struct show_cert_ctx and ckchs_transaction in read-only.
|
||||
*/
|
||||
static int cli_io_handler_show_cert_detail(struct appctx *appctx)
|
||||
{
|
||||
struct show_cert_ctx *ctx = appctx->svcctx;
|
||||
struct conn_stream *cs = appctx->owner;
|
||||
struct ckch_store *ckchs = appctx->ctx.ssl.cur_ckchs;
|
||||
struct ckch_store *ckchs = ctx->cur_ckchs;
|
||||
struct buffer *out = alloc_trash_chunk();
|
||||
int retval = 0;
|
||||
|
||||
@ -1699,15 +1709,16 @@ yield:
|
||||
|
||||
|
||||
/* IO handler of the details "show ssl cert <filename.ocsp>".
|
||||
* It uses ctx.ssl.cur_ckchs and ctx.ssl.index.
|
||||
* It uses a show_cert_ctx.
|
||||
*/
|
||||
static int cli_io_handler_show_cert_ocsp_detail(struct appctx *appctx)
|
||||
{
|
||||
#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
|
||||
struct show_cert_ctx *ctx = appctx->svcctx;
|
||||
struct conn_stream *cs = appctx->owner;
|
||||
struct ckch_store *ckchs = appctx->ctx.ssl.cur_ckchs;
|
||||
struct ckch_store *ckchs = ctx->cur_ckchs;
|
||||
struct buffer *out = alloc_trash_chunk();
|
||||
int from_transaction = appctx->ctx.ssl.index;
|
||||
int from_transaction = ctx->transaction;
|
||||
|
||||
if (!out)
|
||||
goto end_no_putchk;
|
||||
@ -1750,6 +1761,7 @@ yield:
|
||||
/* parsing function for 'show ssl cert [certfile]' */
|
||||
static int cli_parse_show_cert(char **args, char *payload, struct appctx *appctx, void *private)
|
||||
{
|
||||
struct show_cert_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx));
|
||||
struct ckch_store *ckchs;
|
||||
|
||||
if (!cli_has_level(appctx, ACCESS_LVL_OPER))
|
||||
@ -1790,10 +1802,10 @@ static int cli_parse_show_cert(char **args, char *payload, struct appctx *appctx
|
||||
|
||||
}
|
||||
|
||||
appctx->ctx.ssl.cur_ckchs = ckchs;
|
||||
ctx->cur_ckchs = ckchs;
|
||||
/* use the IO handler that shows details */
|
||||
if (show_ocsp_detail) {
|
||||
appctx->ctx.ssl.index = from_transaction;
|
||||
ctx->transaction = from_transaction;
|
||||
appctx->io_handler = cli_io_handler_show_cert_ocsp_detail;
|
||||
}
|
||||
else
|
||||
|
||||
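Review bot: The new `struct show_cert_ctx` (hunk at -77) has no per-field comments, and `cur_ckchs` is a raw `struct ckch_store *` that `cli_io_handler_show_cert` saves at the `yield:` label (`ctx->cur_ckchs = ckchs;`) and dereferences again on re-entry through `node = &ctx->cur_ckchs->node;`, so its validity across yields is a lifetime invariant that should be written down. Nothing visible in these hunks shows what prevents another CLI command from freeing or replacing that store between two calls of the handler. Presumably a lock taken in `cli_parse_show_cert` and dropped in `cli_release_show_cert` does this, but both bodies lie outside the hunks, so this needs confirming. I would add field comments such as `struct ckch_store *cur_ckchs; /* store to resume the dump from after a yield; must stay valid until release */` and `int transaction; /* set from from_transaction by cli_parse_show_cert */`, and have the struct's header comment say "show ssl cert" as the handler comments do.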