mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 22:31:28 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: cfgparse: move parsing of ssl-default-{bind,server}-ciphers to ssl_sock

Browse Source 
These ones are pretty similar, just an strdup. Contrary to ca-base
and crt-base they support being changed.
This commit is contained in:
Willy Tarreau 2016-12-21 23:23:19 +01:00
parent 0bea58d641
commit f22e9683e9
2 changed files with 26 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
src/cfgparse.c
View File

@ -1105,40 +1105,6 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
} }
#endif /* SYSTEM_MAXCONN */ #endif /* SYSTEM_MAXCONN */
} }
else if (!strcmp(args[0], "ssl-default-bind-ciphers")) {
#ifdef USE_OPENSSL
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a cipher suite as an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(global.listen_default_ciphers);
global.listen_default_ciphers = strdup(args[1]);
#else
Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
#endif
}
else if (!strcmp(args[0], "ssl-default-server-ciphers")) {
#ifdef USE_OPENSSL
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a cipher suite as an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(global.connect_default_ciphers);
global.connect_default_ciphers = strdup(args[1]);
#else
Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
#endif
}
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
else if (!strcmp(args[0], "ssl-dh-param-file")) { else if (!strcmp(args[0], "ssl-dh-param-file")) {

26
src/ssl_sock.c
View File

@ -6010,6 +6010,30 @@ static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct pr
return 0; return 0;
} }
/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
* in global section. Returns <0 on alert, >0 on warning, 0 on success.
*/
static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
struct proxy *defpx, const char *file, int line,
char **err)
{
char **target;
target = (args[0][12] == 'b') ? &global.listen_default_ciphers : &global.connect_default_ciphers;
if (too_many_args(1, args, err, NULL))
return -1;
if (*(args[1]) == 0) {
memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
return -1;
}
free(*target);
*target = strdup(args[1]);
return 0;
}
/* parse various global tune.ssl settings consisting in positive integers. /* parse various global tune.ssl settings consisting in positive integers.
* Returns <0 on alert, >0 on warning, 0 on success. * Returns <0 on alert, >0 on warning, 0 on success.
*/ */
@ -6523,6 +6547,8 @@ static struct cfg_kw_list cfg_kws = {ILH, {
{ CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime }, { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
{ CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int }, { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
{ CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int }, { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
{ CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
{ CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
{ 0, NULL, NULL }, { 0, NULL, NULL },
}}; }};