mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-11 09:37:20 +02:00
Code Issues Projects Releases Wiki Activity

CLEANUP: ssl/cli: remove leftovers of bundle/certs (it < 2)

Browse Source 
Remove the leftovers of the certificate + bundle updating in 'ssl set
cert' and 'commit ssl cert'.

* Remove the it variable in appctx.ctx.ssl.
* Stop doing everything twice.
* Indent
This commit is contained in:
William Lallemand 2019-10-30 17:45:33 +01:00 committed by William Lallemand
parent bc6ca7ccaa
commit beea2a476e
2 changed files with 74 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/types/applet.h
View File

@ -174,7 +174,6 @@ struct appctx {
} cfgpeers; } cfgpeers;
struct { struct {
char *path; char *path;
int it;
struct ckch_store *old_ckchs; struct ckch_store *old_ckchs;
struct ckch_store *new_ckchs; struct ckch_store *new_ckchs;
struct ckch_inst *next_ckchi; struct ckch_inst *next_ckchi;

11
src/ssl_sock.c
View File

@ -9975,17 +9975,15 @@ static void cli_release_commit_cert(struct appctx *appctx)
{ {
struct ckch_store *new_ckchs; struct ckch_store *new_ckchs;
struct ckch_inst *ckchi, *ckchis; struct ckch_inst *ckchi, *ckchis;
int it;
HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock); HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
if (appctx->st2 != SETCERT_ST_FIN) { if (appctx->st2 != SETCERT_ST_FIN) {
/* free every new sni_ctx and the new store, which are not in the trees so no spinlock there */ /* free every new sni_ctx and the new store, which are not in the trees so no spinlock there */
for (it = 0; it < 2; it++) {
new_ckchs = appctx->ctx.ssl.new_ckchs; new_ckchs = appctx->ctx.ssl.new_ckchs;
if (!new_ckchs) if (!new_ckchs)
continue; return;
/* if the allocation failed, we need to free everything from the temporary list */ /* if the allocation failed, we need to free everything from the temporary list */
list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) { list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
@ -10003,7 +10001,6 @@ static void cli_release_commit_cert(struct appctx *appctx)
ckchs_free(new_ckchs); ckchs_free(new_ckchs);
} }
} }
}
/* /*
@ -10017,7 +10014,6 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
int errcode = 0; int errcode = 0;
struct ckch_store *old_ckchs, *new_ckchs = NULL; struct ckch_store *old_ckchs, *new_ckchs = NULL;
struct ckch_inst *ckchi, *ckchis; struct ckch_inst *ckchi, *ckchis;
int it = appctx->ctx.ssl.it; /* 0 non-bundle, 1 = bundle */
struct buffer *trash = alloc_trash_chunk(); struct buffer *trash = alloc_trash_chunk();
if (unlikely(si_ic(si)->flags & (CF_WRITE_ERROR|CF_SHUTW))) if (unlikely(si_ic(si)->flags & (CF_WRITE_ERROR|CF_SHUTW)))
@ -10039,9 +10035,6 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
* This state generates the ckch instances with their * This state generates the ckch instances with their
* sni_ctxs and SSL_CTX. * sni_ctxs and SSL_CTX.
* *
* This step could be done twice (without considering
* the yields), once for a cert, and once for a bundle.
*
* Since the SSL_CTX generation can be CPU consumer, we * Since the SSL_CTX generation can be CPU consumer, we
* yield every 10 instances. * yield every 10 instances.
*/ */
@ -10066,7 +10059,6 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
if (y >= 10) { if (y >= 10) {
/* save the next ckchi to compute */ /* save the next ckchi to compute */
appctx->ctx.ssl.next_ckchi = ckchi; appctx->ctx.ssl.next_ckchi = ckchi;
appctx->ctx.ssl.it = it;
goto yield; goto yield;
} }
@ -10185,7 +10177,6 @@ static int cli_parse_commit_cert(char **args, char *payload, struct appctx *appc
/* init the appctx structure */ /* init the appctx structure */
appctx->st2 = SETCERT_ST_INIT; appctx->st2 = SETCERT_ST_INIT;
appctx->ctx.ssl.it = 0;
appctx->ctx.ssl.next_ckchi = NULL; appctx->ctx.ssl.next_ckchi = NULL;
appctx->ctx.ssl.new_ckchs = ckchs_transaction.new_ckchs; appctx->ctx.ssl.new_ckchs = ckchs_transaction.new_ckchs;
appctx->ctx.ssl.old_ckchs = ckchs_transaction.old_ckchs; appctx->ctx.ssl.old_ckchs = ckchs_transaction.old_ckchs;