CLEANUP: ssl/cli: remove leftovers of bundle/certs (it < 2)

Remove the leftovers of the certificate + bundle updating in 'ssl set cert' and 'commit ssl cert'. * Remove the it variable in appctx.ctx.ssl. * Stop doing everything twice. * Indent
2025-08-10 00:57:02 +02:00 · 2019-10-30 17:45:33 +01:00 · 2019-10-30 17:45:33 +01:00 · beea2a476e
commit beea2a476e
parent bc6ca7ccaa
2 changed files with 74 additions and 84 deletions
--- a/include/types/applet.h
+++ b/include/types/applet.h
@ -174,7 +174,6 @@ struct appctx {
 		} cfgpeers;
 		struct {
 			char *path;
-			int it;
 			struct ckch_store *old_ckchs;
 			struct ckch_store *new_ckchs;
 			struct ckch_inst *next_ckchi;
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -9975,17 +9975,15 @@ static void cli_release_commit_cert(struct appctx *appctx)
 {
 	struct ckch_store *new_ckchs;
 	struct ckch_inst *ckchi, *ckchis;
-	int it;

 	HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);

 	if (appctx->st2 != SETCERT_ST_FIN) {
 		/* free every new sni_ctx and the new store, which are not in the trees so no spinlock there */
-		for (it = 0; it < 2; it++) {
 		new_ckchs = appctx->ctx.ssl.new_ckchs;

 		if (!new_ckchs)
-				continue;
+			return;

 		/* if the allocation failed, we need to free everything from the temporary list */
 		list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
@ -10003,7 +10001,6 @@ static void cli_release_commit_cert(struct appctx *appctx)
 		ckchs_free(new_ckchs);
 	}
 }
-}


 /*
@ -10017,7 +10014,6 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
 	int errcode = 0;
 	struct ckch_store *old_ckchs, *new_ckchs = NULL;
 	struct ckch_inst *ckchi, *ckchis;
-	int it = appctx->ctx.ssl.it; /* 0 non-bundle, 1 = bundle */
 	struct buffer *trash = alloc_trash_chunk();

 	if (unlikely(si_ic(si)->flags & (CF_WRITE_ERROR|CF_SHUTW)))
@ -10039,9 +10035,6 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
 				 * This state generates the ckch instances with their
 				 * sni_ctxs and SSL_CTX.
 				 *
-				 * This step could be done twice (without considering
-				 * the yields), once for a cert, and once for a bundle.
-				 *
 				 * Since the SSL_CTX generation can be CPU consumer, we
 				 * yield every 10 instances.
 				 */
@ -10066,7 +10059,6 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
 					if (y >= 10) {
 						/* save the next ckchi to compute */
 						appctx->ctx.ssl.next_ckchi = ckchi;
-							appctx->ctx.ssl.it = it;
 						goto yield;
 					}

@ -10185,7 +10177,6 @@ static int cli_parse_commit_cert(char **args, char *payload, struct appctx *appc

 	/* init the appctx structure */
 	appctx->st2 = SETCERT_ST_INIT;
-	appctx->ctx.ssl.it = 0;
 	appctx->ctx.ssl.next_ckchi = NULL;
 	appctx->ctx.ssl.new_ckchs = ckchs_transaction.new_ckchs;
 	appctx->ctx.ssl.old_ckchs = ckchs_transaction.old_ckchs;