so we can reuse it later

Signed-off-by: William Dauchy <w.dau...@criteo.com>
---
 include/haproxy/server.h |  1 +
 src/cfgparse-ssl.c       | 31 ++-----------------------------
 src/server.c             | 21 +++++++++++++++++++++
 3 files changed, 24 insertions(+), 29 deletions(-)

diff --git a/include/haproxy/server.h b/include/haproxy/server.h
index f15b7057d..64951374b 100644
--- a/include/haproxy/server.h
+++ b/include/haproxy/server.h
@@ -55,6 +55,7 @@ int srv_set_addr_via_libc(struct server *srv, int *err_code);
 int srv_init_addr(void);
 struct server *cli_find_server(struct appctx *appctx, char *arg);
 struct server *new_server(struct proxy *proxy);
+void srv_init_sslctx(struct server *s);
 
 /* functions related to server name resolution */
 int snr_update_srv_status(struct server *s, int has_no_ip);
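Review bot: The new prototype `srv_init_sslctx` is declared here with no build guard, while its definition in src/server.c reads `global_ssl` and tests `HA_OPENSSL_VERSION_NUMBER`. If src/server.c is also compiled in builds without OpenSSL support (worth confirming, the hunks do not show it), the definition would fail to compile there. Wrapping both the declaration and the definition in `#ifdef USE_OPENSSL`, or keeping the helper in an SSL-only source file, avoids that. A short comment on the declaration such as `/* apply the global connect_default_* SSL settings to <s> where unset */` would also tell callers what it does.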
diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index d22ae96fb..ef2e5da4c 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -1352,19 +1352,7 @@ static int srv_parse_check_sni(char **args, int 
*cur_arg, struct proxy *px, stru
 static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, 
struct server *newsrv, char **err)
 {
        newsrv->check.use_ssl = 1;
-       if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
-               newsrv->ssl_ctx.ciphers = 
strdup(global_ssl.connect_default_ciphers);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
-       if (global_ssl.connect_default_ciphersuites && 
!newsrv->ssl_ctx.ciphersuites)
-               newsrv->ssl_ctx.ciphersuites = 
strdup(global_ssl.connect_default_ciphersuites);
-#endif
-       newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
-       newsrv->ssl_ctx.methods.flags |= 
global_ssl.connect_default_sslmethods.flags;
-       if (!newsrv->ssl_ctx.methods.min)
-               newsrv->ssl_ctx.methods.min = 
global_ssl.connect_default_sslmethods.min;
-       if (!newsrv->ssl_ctx.methods.max)
-               newsrv->ssl_ctx.methods.max = 
global_ssl.connect_default_sslmethods.max;
-
+       srv_init_sslctx(newsrv);
        return 0;
 }
 
@@ -1536,22 +1524,7 @@ static int srv_parse_sni(char **args, int *cur_arg, 
struct proxy *px, struct ser
 static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct 
server *newsrv, char **err)
 {
        newsrv->use_ssl = 1;
-       if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
-               newsrv->ssl_ctx.ciphers = 
strdup(global_ssl.connect_default_ciphers);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
-       if (global_ssl.connect_default_ciphersuites && 
!newsrv->ssl_ctx.ciphersuites)
-               newsrv->ssl_ctx.ciphersuites = 
strdup(global_ssl.connect_default_ciphersuites);
-#endif
-       newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
-       newsrv->ssl_ctx.methods.flags |= 
global_ssl.connect_default_sslmethods.flags;
-
-       if (!newsrv->ssl_ctx.methods.min)
-               newsrv->ssl_ctx.methods.min = 
global_ssl.connect_default_sslmethods.min;
-
-       if (!newsrv->ssl_ctx.methods.max)
-               newsrv->ssl_ctx.methods.max = 
global_ssl.connect_default_sslmethods.max;
-
-
+       srv_init_sslctx(newsrv);
        return 0;
 }
 
diff --git a/src/server.c b/src/server.c
index b1656d5ce..181868cde 100644
--- a/src/server.c
+++ b/src/server.c
@@ -1205,6 +1205,27 @@ void srv_compute_all_admin_states(struct proxy *px)
        }
 }
 
+/* Common function to init ssl_ctx
+ */
+void srv_init_sslctx(struct server *s)
+{
+       if (global_ssl.connect_default_ciphers && !s->ssl_ctx.ciphers)
+               s->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+       if (global_ssl.connect_default_ciphersuites && !s->ssl_ctx.ciphersuites)
+               s->ssl_ctx.ciphersuites = 
strdup(global_ssl.connect_default_ciphersuites);
+#endif
+       s->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
+       s->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
+
+       if (!s->ssl_ctx.methods.min)
+               s->ssl_ctx.methods.min = 
global_ssl.connect_default_sslmethods.min;
+
+       if (!s->ssl_ctx.methods.max)
+               s->ssl_ctx.methods.max = 
global_ssl.connect_default_sslmethods.max;
+}
+
+
 /* Note: must not be declared <const> as its list will be overwritten.
  * Please take care of keeping this list alphabetically sorted, doing so helps
  * all code contributors.
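Review bot: Both `strdup()` calls in the new `srv_init_sslctx` are unchecked, and because the helper returns `void`, an allocation failure leaves `ssl_ctx.ciphers` or `ssl_ctx.ciphersuites` NULL with no error reported. The server would then presumably be set up without the operator's configured default cipher list, which is a silent weakening of TLS policy rather than a parse failure. The removed code in `srv_parse_check_ssl` and `srv_parse_ssl` had the same gap, but both callers receive `err` and return a status, so the shared helper is a good place to close it. Returning an `int` from the helper would let them fail the configuration on a nonzero result. The header comment could also state that only unset fields are filled in and that option and method flags are OR-ed with the global defaults.

```c
int srv_init_sslctx(struct server *s)
{
	if (global_ssl.connect_default_ciphers && !s->ssl_ctx.ciphers) {
		s->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
		if (!s->ssl_ctx.ciphers)
			return -1;
	}
#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
	if (global_ssl.connect_default_ciphersuites && !s->ssl_ctx.ciphersuites) {
		s->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
		if (!s->ssl_ctx.ciphersuites)
			return -1;
	}
#endif
	/* … unchanged: options, methods.flags and methods.min/max defaults … */
	return 0;
}
```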
-- 
2.28.0

