so we can reuse it later
Signed-off-by: William Dauchy <[email protected]>
---
include/haproxy/server.h | 1 +
src/cfgparse-ssl.c | 32 +++-----------------------------
src/server.c | 22 ++++++++++++++++++++++
3 files changed, 26 insertions(+), 29 deletions(-)
diff --git a/include/haproxy/server.h b/include/haproxy/server.h
index f15b7057d..64951374b 100644
--- a/include/haproxy/server.h
+++ b/include/haproxy/server.h
@@ -55,6 +55,7 @@ int srv_set_addr_via_libc(struct server *srv, int *err_code);
int srv_init_addr(void);
struct server *cli_find_server(struct appctx *appctx, char *arg);
struct server *new_server(struct proxy *proxy);
+void srv_init_sslctx(struct server *s);
/* functions related to server name resolution */
int snr_update_srv_status(struct server *s, int has_no_ip);
diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index d22ae96fb..747f7d392 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -36,6 +36,7 @@
#include <haproxy/cfgparse.h>
#include <haproxy/listener.h>
#include <haproxy/openssl-compat.h>
+#include <haproxy/server.h>
#include <haproxy/ssl_sock.h>
@@ -1352,19 +1353,7 @@ static int srv_parse_check_sni(char **args, int
*cur_arg, struct proxy *px, stru
static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px,
struct server *newsrv, char **err)
{
newsrv->check.use_ssl = 1;
- if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
- newsrv->ssl_ctx.ciphers =
strdup(global_ssl.connect_default_ciphers);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
- if (global_ssl.connect_default_ciphersuites &&
!newsrv->ssl_ctx.ciphersuites)
- newsrv->ssl_ctx.ciphersuites =
strdup(global_ssl.connect_default_ciphersuites);
-#endif
- newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
- newsrv->ssl_ctx.methods.flags |=
global_ssl.connect_default_sslmethods.flags;
- if (!newsrv->ssl_ctx.methods.min)
- newsrv->ssl_ctx.methods.min =
global_ssl.connect_default_sslmethods.min;
- if (!newsrv->ssl_ctx.methods.max)
- newsrv->ssl_ctx.methods.max =
global_ssl.connect_default_sslmethods.max;
-
+ srv_init_sslctx(newsrv);
return 0;
}
@@ -1536,22 +1525,7 @@ static int srv_parse_sni(char **args, int *cur_arg,
struct proxy *px, struct ser
static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct
server *newsrv, char **err)
{
newsrv->use_ssl = 1;
- if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
- newsrv->ssl_ctx.ciphers =
strdup(global_ssl.connect_default_ciphers);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
- if (global_ssl.connect_default_ciphersuites &&
!newsrv->ssl_ctx.ciphersuites)
- newsrv->ssl_ctx.ciphersuites =
strdup(global_ssl.connect_default_ciphersuites);
-#endif
- newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
- newsrv->ssl_ctx.methods.flags |=
global_ssl.connect_default_sslmethods.flags;
-
- if (!newsrv->ssl_ctx.methods.min)
- newsrv->ssl_ctx.methods.min =
global_ssl.connect_default_sslmethods.min;
-
- if (!newsrv->ssl_ctx.methods.max)
- newsrv->ssl_ctx.methods.max =
global_ssl.connect_default_sslmethods.max;
-
-
+ srv_init_sslctx(newsrv);
return 0;
}
diff --git a/src/server.c b/src/server.c
index b1656d5ce..74f829674 100644
--- a/src/server.c
+++ b/src/server.c
@@ -38,6 +38,7 @@
#include <haproxy/queue.h>
#include <haproxy/sample.h>
#include <haproxy/server.h>
+#include <haproxy/ssl_sock.h>
#include <haproxy/stats-t.h>
#include <haproxy/stream.h>
#include <haproxy/stream_interface.h>
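Review bot: The added `#include <haproxy/ssl_sock.h>` and the srv_init_sslctx() definition in the next src/server.c hunk have no `#ifdef USE_OPENSSL` guard visible, although the function body reads `global_ssl` and `s->ssl_ctx`. The code it replaces lived in src/cfgparse-ssl.c, which is presumably only compiled with OpenSSL, whereas server.c looks like a core file; if that is right, a build without SSL support would stop compiling. Wrapping the definition and the prototype in include/haproxy/server.h in `#ifdef USE_OPENSSL` / `#endif`, or keeping the helper in an SSL-only source file, would avoid this.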
@@ -1205,6 +1206,27 @@ void srv_compute_all_admin_states(struct proxy *px)
}
}
+/* Common function to init ssl_ctx
+ */
+void srv_init_sslctx(struct server *s)
+{
+ if (global_ssl.connect_default_ciphers && !s->ssl_ctx.ciphers)
+ s->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+ if (global_ssl.connect_default_ciphersuites && !s->ssl_ctx.ciphersuites)
+ s->ssl_ctx.ciphersuites =
strdup(global_ssl.connect_default_ciphersuites);
+#endif
+ s->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
+ s->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
+
+ if (!s->ssl_ctx.methods.min)
+ s->ssl_ctx.methods.min =
global_ssl.connect_default_sslmethods.min;
+
+ if (!s->ssl_ctx.methods.max)
+ s->ssl_ctx.methods.max =
global_ssl.connect_default_sslmethods.max;
+}
+
+
/* Note: must not be declared <const> as its list will be overwritten.
* Please take care of keeping this list alphabetically sorted, doing so helps
* all code contributors.
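Review bot: Both strdup() results in srv_init_sslctx() are stored unchecked, and the function returns void, so an allocation failure leaves `ssl_ctx.ciphers` or `ssl_ctx.ciphersuites` NULL with no error reported. The server would then presumably run with the TLS library's default cipher list rather than the configured `connect_default_ciphers` restriction. The removed code had the same gap, but moving it into a shared helper is a good point to close it: return an int, as sketched below, with the prototype in include/haproxy/server.h changed to match. srv_parse_ssl() and srv_parse_check_ssl() already receive `char **err`, so they can fill it and return `ERR_ALERT | ERR_FATAL` instead of 0 when the helper fails. The header comment could also say that only unset fields are filled from the global connect defaults.

```c
int srv_init_sslctx(struct server *s)
{
	if (global_ssl.connect_default_ciphers && !s->ssl_ctx.ciphers) {
		s->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
		if (!s->ssl_ctx.ciphers)
			return -1;
	}
#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
	if (global_ssl.connect_default_ciphersuites && !s->ssl_ctx.ciphersuites) {
		s->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
		if (!s->ssl_ctx.ciphersuites)
			return -1;
	}
#endif
	/* … unchanged: options, methods.flags and methods.min/max defaults … */
	return 0;
}
```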
--
2.28.0