Re: [PATCH] CLEANUP: remove useless ssl code from haproxy.c

Tue, 13 Jun 2017 02:31:53 -0700 

Hi Manu,

On Tue, Jun 13, 2017 at 11:07:07AM +0200, Emmanuel Hocdet wrote:
> > Le 9 juin 2017 à 17:30, Emmanuel Hocdet <[email protected]> a écrit :
> >> Le 9 juin 2017 à 17:07, Willy Tarreau <[email protected]> a écrit :
> >> On Fri, Jun 09, 2017 at 05:02:56PM +0200, Emmanuel Hocdet wrote:
> >>> Why ssl_free_dh (and #include <proto/ssl_sock.h>) suddenly (re)appear in 
> >>> haproxy.c
> >>> with this commit? This looks like a remnant of old dev.
> >> 
> >> It doesn't re-appear with this commit, look, it was already there :
> >> 
> >>>> -#ifndef OPENSSL_NO_DH
> >>>> +#if defined(USE_OPENSSL) && !defined(OPENSSL_NO_DH)
> >>>>                  ssl_free_dh();
> >>>> #endif
> >> 
> >> The ssl_free_dh() comes from this patch :
> >> 
> >> 872f9c2 ("MEDIUM: ssl: add basic support for OpenSSL crypto engine")
> >> 
> >> Willy
> > 
> > yes, i meat with the commit referred in this patch.
> > 
> > 
> 
> and the patch to cleanup this:

[adding Emeric to confirm]

I suspect this is what Emeric had to add due to the engines crashing on
exit when DH was offloaded, but I'm not sure. At least if that's the
case, it would deserve a comment so that it doesn't get removed later,
especially since very few people test with engines.

Willy

>From eee1e71ccc7a54ee10aad759bfd51656dabf90f1 Mon Sep 17 00:00:00 2001
From: Emmanuel Hocdet <[email protected]>
Date: Tue, 13 Jun 2017 10:44:27 +0200
Subject: [PATCH] CLEANUP: remove useless ssl code from haproxy.c

The commit 872f9c213 ("MEDIUM: ssl: add basic support for OpenSSL crypto
engine") add ssl_free_dh to haproy.c (and dependancy to ssl_sock.h).
It's useless, ssl_*_dh is managed by ssl_sock.c.
---
 src/haproxy.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/haproxy.c b/src/haproxy.c
index d64058d..6f57cee 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -109,7 +109,6 @@
 #include <proto/task.h>
 #include <proto/dns.h>
 #include <proto/vars.h>
-#include <proto/ssl_sock.h>
 
 /* list of config files */
 static struct list cfg_cfgfiles = LIST_HEAD_INIT(cfg_cfgfiles);
@@ -2577,9 +2576,6 @@ int main(int argc, char **argv)
                                /* should never get there */
                                exit(EXIT_FAILURE);
                        }
-#if defined(USE_OPENSSL) && !defined(OPENSSL_NO_DH)
-                       ssl_free_dh();
-#endif
                        exit(0); /* parent must leave */
                }
 
-- 
2.1.4

Reply via email to