MEDIUM: conf: rename 'nosslv3' and 'notlsvXX' statements 'no-sslv3' and 'no-tlsvXX'.

These ones were really not easy to read nor write, and become confusing
with the next ones to be added.

doc/configuration.txt

@@ -6907,7 +6907,7 @@ nice <nice>
   it may make sense to use a positive value for an SMTP socket and a negative
   one for an RDP socket.
 
-nosslv3
+no-sslv3
   This setting is only available when support for OpenSSL was built in. It
   disables support for SSLv3 on any sockets instanciated from the listener when
   SSL is supported. Note that SSLv2 is forced disabled in the code and cannot
@@ -6919,19 +6919,19 @@ no-tls-tickets
   extension) and force to use stateful session resumption. Stateless
   session resumption is more expensive in CPU usage.
 
-notlsv10
+no-tlsv10
   This setting is only available when support for OpenSSL was built in. It
   disables support for TLSv10 on any sockets instanciated from the listener when
   SSL is supported. Note that SSLv2 is forced disabled in the code and cannot
   be enabled using any configuration option.
 
-notlsv11
+no-tlsv11
   This setting is only available when support for OpenSSL was built in. It
   disables support for TLSv11 on any sockets instanciated from the listener when
   SSL is supported. Note that SSLv2 is forced disabled in the code and cannot
   be enabled using any configuration option.
 
-notlsv12
+no-tlsv12
   This setting is only available when support for OpenSSL was built in. It
   disables support for TLSv12 on any sockets instanciated from the listener when
   SSL is supported. Note that SSLv2 is forced disabled in the code and cannot
@@ -7192,14 +7192,14 @@ minconn <minconn>
 
   Supported in default-server: Yes
 
-nosslv3
+no-sslv3
   This option disables support for SSLv3 when SSL is used to communicate with
   the server. Note that SSLv2 is disabled in the code and cannot be enabled
   using any configuration option.
 
   Supported in default-server: No
 
-notlsv10
+no-tlsv10
   This option disables support for TLSv10 when SSL is used to communicate with
   the server. Note that SSLv2 is disabled in the code and cannot be enabled
   using any configuration option. TLSv1 is more expensive than SSLv3 so it
@@ -7207,7 +7207,7 @@ notlsv10
 
   Supported in default-server: No
 
-notlsv11
+no-tlsv11
   This option disables support for TLSv11 when SSL is used to communicate with
   the server. Note that SSLv2 is disabled in the code and cannot be enabled
   using any configuration option. TLSv1 is more expensive than SSLv3 so it
@@ -7215,7 +7215,7 @@ notlsv11
 
   Supported in default-server: No
 
-notlsv12
+no-tlsv12
   This option disables support for TLSv12 when SSL is used to communicate with
   the server. Note that SSLv2 is disabled in the code and cannot be enabled
   using any configuration option. TLSv1 is more expensive than SSLv3 so it

include/types/listener.h

@@ -104,10 +104,10 @@ struct bind_conf {
 	char *crlfile;             /* CRLfile to use on verify */
 	char *ecdhe;               /* named curve to use for ECDHE */
 	int no_tls_tickets;        /* disable session resumption tickets */
-	int nosslv3;               /* disable SSLv3 */
-	int notlsv10;              /* disable TLSv1.0 */
-	int notlsv11;              /* disable TLSv1.1 */
-	int notlsv12;              /* disable TLSv1.2 */
+	int no_sslv3;              /* disable SSLv3 */
+	int no_tlsv10;             /* disable TLSv1.0 */
+	int no_tlsv11;             /* disable TLSv1.1 */
+	int no_tlsv12;             /* disable TLSv1.2 */
 	int verify;                /* verify method (set of SSL_VERIFY_* flags) */
 	SSL_CTX *default_ctx;      /* SSL context of first/default certificate */
 	struct eb_root sni_ctx;    /* sni_ctx tree of all known certs full-names sorted by name */

include/types/server.h

@@ -178,10 +178,10 @@ struct server {
 		SSL_CTX *ctx;
 		SSL_SESSION *reused_sess;
 		char *ciphers;			/* cipher suite to use if non-null */
-		int nosslv3;			/* disable SSLv3 */
-		int notlsv10;			/* disable TLSv1.0 */
-		int notlsv11;			/* disable TLSv1.1 */
-		int notlsv12;			/* disable TLSv1.2 */
+		int no_sslv3;			/* disable SSLv3 */
+		int no_tlsv10;			/* disable TLSv1.0 */
+		int no_tlsv11;			/* disable TLSv1.1 */
+		int no_tlsv12;			/* disable TLSv1.2 */
 	} ssl_ctx;
 #endif
 	struct {

src/cfgparse.c

@@ -4293,9 +4293,9 @@ stats_error_parsing:
 				goto out;
 #endif
 			}
-			else if (!strcmp(args[cur_arg], "nosslv3")) {
+			else if (!strcmp(args[cur_arg], "no-sslv3")) {
 #ifdef USE_OPENSSL
-				newsrv->ssl_ctx.nosslv3 = 1;
+				newsrv->ssl_ctx.no_sslv3 = 1;
 				cur_arg += 1;
 #else /* USE_OPENSSL */
 				Alert("parsing [%s:%d]: '%s' option not implemented.\n",
@@ -4304,9 +4304,9 @@ stats_error_parsing:
 				goto out;
 #endif /* USE_OPENSSL */
 			}
-			else if (!strcmp(args[cur_arg], "notlsv10")) {
+			else if (!strcmp(args[cur_arg], "no-tlsv10")) {
 #ifdef USE_OPENSSL
-				newsrv->ssl_ctx.notlsv10 = 1;
+				newsrv->ssl_ctx.no_tlsv10 = 1;
 				cur_arg += 1;
 #else /* USE_OPENSSL */
 				Alert("parsing [%s:%d]: '%s' option not implemented.\n",
@@ -4315,9 +4315,9 @@ stats_error_parsing:
 				goto out;
 #endif /* USE_OPENSSL */
 			}
-			else if (!strcmp(args[cur_arg], "notlsv11")) {
+			else if (!strcmp(args[cur_arg], "no-tlsv11")) {
 #ifdef USE_OPENSSL
-				newsrv->ssl_ctx.notlsv11 = 1;
+				newsrv->ssl_ctx.no_tlsv11 = 1;
 				cur_arg += 1;
 #else /* USE_OPENSSL */
 				Alert("parsing [%s:%d]: '%s' option not implemented.\n",
@@ -4326,9 +4326,9 @@ stats_error_parsing:
 				goto out;
 #endif /* USE_OPENSSL */
 			}
-			else if (!strcmp(args[cur_arg], "notlsv12")) {
+			else if (!strcmp(args[cur_arg], "no-tlsv12")) {
 #ifdef USE_OPENSSL
-				newsrv->ssl_ctx.notlsv12 = 1;
+				newsrv->ssl_ctx.no_tlsv12 = 1;
 				cur_arg += 1;
 #else /* USE_OPENSSL */
 				Alert("parsing [%s:%d]: '%s' option not implemented.\n",
@@ -6360,13 +6360,13 @@ out_uri_auth_compat:
 						goto next_srv;
 				}
 
-				if (newsrv->ssl_ctx.nosslv3)
+				if (newsrv->ssl_ctx.no_sslv3)
 					ssloptions |= SSL_OP_NO_SSLv3;
-				if (newsrv->ssl_ctx.notlsv10)
+				if (newsrv->ssl_ctx.no_tlsv10)
 					ssloptions |= SSL_OP_NO_TLSv1;
-				if (newsrv->ssl_ctx.notlsv11)
+				if (newsrv->ssl_ctx.no_tlsv11)
 					ssloptions |= SSL_OP_NO_TLSv1_1;
-				if (newsrv->ssl_ctx.notlsv12)
+				if (newsrv->ssl_ctx.no_tlsv12)
 					ssloptions |= SSL_OP_NO_TLSv1_2;
 				SSL_CTX_set_options(newsrv->ssl_ctx.ctx, ssloptions);
 				SSL_CTX_set_mode(newsrv->ssl_ctx.ctx, sslmode);

src/ssl_sock.c

@@ -484,13 +484,13 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
 		SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
 		SSL_MODE_RELEASE_BUFFERS;
 
-	if (bind_conf->nosslv3)
+	if (bind_conf->no_sslv3)
 		ssloptions |= SSL_OP_NO_SSLv3;
-	if (bind_conf->notlsv10)
+	if (bind_conf->no_tlsv10)
 		ssloptions |= SSL_OP_NO_TLSv1;
-	if (bind_conf->notlsv11)
+	if (bind_conf->no_tlsv11)
 		ssloptions |= SSL_OP_NO_TLSv1_1;
-	if (bind_conf->notlsv12)
+	if (bind_conf->no_tlsv12)
 		ssloptions |= SSL_OP_NO_TLSv1_2;
 	if (bind_conf->no_tls_tickets)
 		ssloptions |= SSL_OP_NO_TICKET;
@@ -1253,31 +1253,31 @@ static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px,
 }
 
 
-/* parse the "nosslv3" bind keyword */
-static int bind_parse_nosslv3(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
+/* parse the "no-sslv3" bind keyword */
+static int bind_parse_no_sslv3(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
 {
-	conf->nosslv3 = 1;
+	conf->no_sslv3 = 1;
 	return 0;
 }
 
-/* parse the "notlsv1" bind keyword */
-static int bind_parse_notlsv10(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
+/* parse the "no-tlsv10" bind keyword */
+static int bind_parse_no_tlsv10(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
 {
-	conf->notlsv10 = 1;
+	conf->no_tlsv10 = 1;
 	return 0;
 }
 
-/* parse the "notlsv11" bind keyword */
-static int bind_parse_notlsv11(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
+/* parse the "no-tlsv11" bind keyword */
+static int bind_parse_no_tlsv11(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
 {
-	conf->notlsv11 = 1;
+	conf->no_tlsv11 = 1;
 	return 0;
 }
 
-/* parse the "notlsv12" bind keyword */
-static int bind_parse_notlsv12(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
+/* parse the "no-tlsv12" bind keyword */
+static int bind_parse_no_tlsv12(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
 {
-	conf->notlsv12 = 1;
+	conf->no_tlsv12 = 1;
 	return 0;
 }
 
@@ -1365,11 +1365,11 @@ static struct bind_kw_list bind_kws = { "SSL", { }, {
 	{ "crt",                   bind_parse_crt,            1 }, /* load SSL certificates from this location */
 	{ "crt-ignore-err",        bind_parse_ignore_err,     1 }, /* set error IDs to ingore on verify depth == 0 */
 	{ "ecdhe",                 bind_parse_ecdhe,          1 }, /* defines named curve for elliptic curve Diffie-Hellman */
+	{ "no-sslv3",              bind_parse_no_sslv3,       0 }, /* disable SSLv3 */
+	{ "no-tlsv10",             bind_parse_no_tlsv10,      0 }, /* disable TLSv10 */
+	{ "no-tlsv11",             bind_parse_no_tlsv11,      0 }, /* disable TLSv11 */
+	{ "no-tlsv12",             bind_parse_no_tlsv12,      0 }, /* disable TLSv12 */
 	{ "no-tls-tickets",        bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
-	{ "nosslv3",               bind_parse_nosslv3,        0 }, /* disable SSLv3 */
-	{ "notlsv10",              bind_parse_notlsv10,       0 }, /* disable TLSv10 */
-	{ "notlsv11",              bind_parse_notlsv11,       0 }, /* disable TLSv11 */
-	{ "notlsv12",              bind_parse_notlsv12,       0 }, /* disable TLSv12 */
 	{ "ssl",                   bind_parse_ssl,            0 }, /* enable SSL processing */
 	{ "verify",                bind_parse_verify,         1 }, /* set SSL verify method */
 	{ NULL, NULL, 0 },