MINOR: ssl: Remove client_crt member of the server's ssl context

The client_crt member is not used anymore since the server's ssl context
initialization now behaves the same way as the bind lines one (using
ckch stores and instances).
Remi Tricot-Le Breton 2021-01-25 17:19:45 +01:00 committed by William Lallemand
parent f3eedfe195
commit bb470aa327
3 changed files with 11 additions and 6 deletions


@ -322,7 +322,6 @@ struct server {
char *verify_host; /* hostname of certificate must match this host */
char *ca_file; /* CAfile to use on verify */
char *crl_file; /* CRLfile to use on verify */
char *client_crt; /* client certificate to send */
struct sample_expr *sni; /* sample expression for SNI */
#ifdef OPENSSL_NPN_NEGOTIATED
char *npn_str; /* NPN protocol string */


@ -1442,17 +1442,25 @@ static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struc
/* parse the "crt" server keyword */
static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
{
int retval = -1;
char *path = NULL;
if (!*args[*cur_arg + 1]) {
memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
return ERR_ALERT | ERR_FATAL;
}
if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
memprintf(&path, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
else
memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
memprintf(&path, "%s", args[*cur_arg + 1]);
return ssl_sock_load_srv_cert(newsrv->ssl_ctx.client_crt, newsrv, err);
if (path) {
retval = ssl_sock_load_srv_cert(path, newsrv, err);
free(path);
}
return retval;
}
/* parse the "no-check-ssl" server keyword */
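Review bot: In srv_parse_crt, an allocation failure in either `memprintf(&path, ...)` call leaves `path` NULL, so the function returns the initial `retval = -1` without storing any message in `*err`. The missing-argument branch at the top of the same function returns `ERR_ALERT | ERR_FATAL` with a message, and if the caller reads the result as an ERR_* bitmask (not visible here), -1 sets every bit rather than the intended ones. I would initialise `int retval = ERR_ALERT | ERR_FATAL;` and add an `else` to `if (path)` that reports the failure, e.g. `memprintf(err, "'%s' : out of memory", args[*cur_arg]);`, so a server line whose client certificate was never loaded is rejected with a clear diagnostic.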


@ -1535,8 +1535,6 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src)
srv->ssl_ctx.ca_file = strdup(src->ssl_ctx.ca_file);
if (src->ssl_ctx.crl_file != NULL)
srv->ssl_ctx.crl_file = strdup(src->ssl_ctx.crl_file);
if (src->ssl_ctx.client_crt != NULL)
srv->ssl_ctx.client_crt = strdup(src->ssl_ctx.client_crt);
srv->ssl_ctx.verify = src->ssl_ctx.verify;