so we can reuse it later Signed-off-by: William Dauchy <w.dau...@criteo.com> --- include/haproxy/server.h | 1 + src/cfgparse-ssl.c | 31 ++----------------------------- src/server.c | 21 +++++++++++++++++++++ 3 files changed, 24 insertions(+), 29 deletions(-)
diff --git a/include/haproxy/server.h b/include/haproxy/server.h
index f15b7057d..64951374b 100644
--- a/include/haproxy/server.h
+++ b/include/haproxy/server.h
@@ -55,6 +55,7 @@ int srv_set_addr_via_libc(struct server *srv, int *err_code);
 int srv_init_addr(void);
 struct server *cli_find_server(struct appctx *appctx, char *arg);
 struct server *new_server(struct proxy *proxy);
+void srv_init_sslctx(struct server *s);
 /* functions related to server name resolution */
 int snr_update_srv_status(struct server *s, int has_no_ip);
diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index d22ae96fb..ef2e5da4c 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -1352,19 +1352,7 @@ static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, stru
 static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
 {
 newsrv->check.use_ssl = 1;
- if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
- newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
- if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
- newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
-#endif
- newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
- newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
- if (!newsrv->ssl_ctx.methods.min)
- newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
- if (!newsrv->ssl_ctx.methods.max)
- newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
-
+ srv_init_sslctx(newsrv);
 return 0;
 }
@@ -1536,22 +1524,7 @@ static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct ser
 static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
 {
 newsrv->use_ssl = 1;
- if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
- newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
- if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
- newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
-#endif
- newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
- newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
-
- if (!newsrv->ssl_ctx.methods.min)
- newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
-
- if (!newsrv->ssl_ctx.methods.max)
- newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
-
-
+ srv_init_sslctx(newsrv);
 return 0;
 }
diff --git a/src/server.c b/src/server.c
index b1656d5ce..181868cde 100644
--- a/src/server.c
+++ b/src/server.c
@@ -1205,6 +1205,27 @@ void srv_compute_all_admin_states(struct proxy *px)
 }
 }
+/* Common function to init ssl_ctx
+ */
+void srv_init_sslctx(struct server *s)
+{
+ if (global_ssl.connect_default_ciphers && !s->ssl_ctx.ciphers)
+ s->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+ if (global_ssl.connect_default_ciphersuites && !s->ssl_ctx.ciphersuites)
+ s->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
+#endif
+ s->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
+ s->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
+
+ if (!s->ssl_ctx.methods.min)
+ s->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
+
+ if (!s->ssl_ctx.methods.max)
+ s->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
+}
+
+
 /* Note: must not be declared <const> as its list will be overwritten.
 * Please take care of keeping this list alphabetically sorted, doing so helps
 * all code contributors.
--
2.28.0
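Review bot: Both `strdup()` calls in the new `srv_init_sslctx()` are unchecked, and because the helper returns `void`, an allocation failure leaves `s->ssl_ctx.ciphers` or `s->ssl_ctx.ciphersuites` NULL without any error reaching the config parser. What the later TLS setup does with a NULL list is outside this hunk, but presumably the library default then applies, so the server would silently lose the restriction configured in `global_ssl.connect_default_ciphers`. Now that the code lives in one place, I would have it return `int` and let `srv_parse_ssl()` and `srv_parse_check_ssl()` in src/cfgparse-ssl.c propagate the failure through `err` instead of returning 0 unconditionally; the prototype in include/haproxy/server.h changes with it. The header comment should also state that only unset fields are filled from `global_ssl`, and that options and method flags are OR-ed in, so calling it twice on the same server is harmless.

```c
int srv_init_sslctx(struct server *s)
{
	if (global_ssl.connect_default_ciphers && !s->ssl_ctx.ciphers) {
		s->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
		if (!s->ssl_ctx.ciphers)
			return -1;
	}
#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
	if (global_ssl.connect_default_ciphersuites && !s->ssl_ctx.ciphersuites) {
		s->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
		if (!s->ssl_ctx.ciphersuites)
			return -1;
	}
#endif
	/* … unchanged: options, methods.flags and methods.min/max defaults … */
	return 0;
}
```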