From f22e9683e9bf5f7eb73ed89d21257946d4c7b4cc Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Wed, 21 Dec 2016 23:23:19 +0100
Subject: [PATCH] MINOR: cfgparse: move parsing of ssl-default-{bind,server}-ciphers to ssl_sock These ones are pretty similar, just an strdup. Contrary to ca-base and crt-base they support being changed.
---
 src/cfgparse.c | 34 ----------------------------------
 src/ssl_sock.c | 26 ++++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 34 deletions(-)
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 0ece4fdeb..24bccd29f 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1105,40 +1105,6 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
 }
 #endif /* SYSTEM_MAXCONN */
 }
- else if (!strcmp(args[0], "ssl-default-bind-ciphers")) {
-#ifdef USE_OPENSSL
- if (alertif_too_many_args(1, file, linenum, args, &err_code))
- goto out;
- if (*(args[1]) == 0) {
- Alert("parsing [%s:%d] : '%s' expects a cipher suite as an argument.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
- }
- free(global.listen_default_ciphers);
- global.listen_default_ciphers = strdup(args[1]);
-#else
- Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
-#endif
- }
- else if (!strcmp(args[0], "ssl-default-server-ciphers")) {
-#ifdef USE_OPENSSL
- if (alertif_too_many_args(1, file, linenum, args, &err_code))
- goto out;
- if (*(args[1]) == 0) {
- Alert("parsing [%s:%d] : '%s' expects a cipher suite as an argument.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
- }
- free(global.connect_default_ciphers);
- global.connect_default_ciphers = strdup(args[1]);
-#else
- Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
-#endif
- }
 #ifdef USE_OPENSSL
 #ifndef OPENSSL_NO_DH
 else if (!strcmp(args[0], "ssl-dh-param-file")) {
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 66280beb2..0ac73159b 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6010,6 +6010,30 @@ static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct pr
 return 0;
 }

+/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
+ * in global section. Returns <0 on alert, >0 on warning, 0 on success.
+ */
+static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
+ struct proxy *defpx, const char *file, int line,
+ char **err)
+{
+ char **target;
+
+ target = (args[0][12] == 'b') ? &global.listen_default_ciphers : &global.connect_default_ciphers;
+
+ if (too_many_args(1, args, err, NULL))
+ return -1;
+
+ if (*(args[1]) == 0) {
+ memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
+ return -1;
+ }
+
+ free(*target);
+ *target = strdup(args[1]);
+ return 0;
+}
+
 /* parse various global tune.ssl settings consisting in positive integers.
 * Returns <0 on alert, >0 on warning, 0 on success.
 */
@@ -6523,6 +6547,8 @@ static struct cfg_kw_list cfg_kws = {ILH, {
 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
+ { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
+ { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
 { 0, NULL, NULL },
 }};
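Review bot: The result of `strdup(args[1])` in ssl_parse_global_ciphers is stored without a check, so an allocation failure leaves the selected global default NULL while the function still returns 0. Presumably a NULL default makes later code fall back to the TLS library's built-in cipher list, which would drop an operator's cipher restriction without any alert; this is inferred, since the consumers of these globals are outside the patch. Adding `if (!*target) { memprintf(err, "global statement '%s' : out of memory.", args[0]); return -1; }` after the assignment would turn that into a parse error. Separately, the `args[0][12] == 'b'` selector is only correct while exactly these two keywords are registered to this parser, and any other keyword would silently land on the server list. A one-line comment such as `/* args[0][12] is the first letter after "ssl-default-": 'b'ind or 's'erver */` would make that dependency explicit.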