so we can reuse it later
Signed-off-by: William Dauchy <[email protected]>
---
include/haproxy/ssl_sock.h | 1 +
src/cfgparse-ssl.c | 46 ++++++++++++++++----------------------
2 files changed, 20 insertions(+), 27 deletions(-)
diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
index 8af7edbf0..987a8fb32 100644
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -65,6 +65,7 @@ const char *ssl_sock_get_proto_version(struct connection
*conn);
int ssl_sock_parse_alpn(char *arg, char **alpn_str, int *alpn_len, char **err);
void ssl_sock_set_alpn(struct connection *conn, const unsigned char *, int);
void ssl_sock_set_servername(struct connection *conn, const char *hostname);
+void ssl_sock_init_srv(struct server *s);
int ssl_sock_get_cert_used_sess(struct connection *conn);
int ssl_sock_get_cert_used_conn(struct connection *conn);
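Review bot: The new prototype at the `+void ssl_sock_init_srv(struct server *s);` line is the only one in this run that takes a `struct server *`, and the header must already have `struct server` declared (a forward declaration or an include) for this line to compile; that is not visible in the hunk, so it is worth confirming before merging. The definition lands in src/cfgparse-ssl.c (second file of this patch) while the surrounding `ssl_sock_*` prototypes presumably belong to ssl_sock.c, so a reader following this header will look in the wrong file; either move the definition next to the rest of the `ssl_sock_*` API or declare it where the other cfgparse-ssl helpers are declared, if such a header exists. A one-line comment on the prototype would also help, e.g. `/* fill unset ssl_ctx fields of <s> from the global connect defaults */`, since the name alone does not say it only applies defaults.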
diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index d22ae96fb..238749d63 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -1352,19 +1352,7 @@ static int srv_parse_check_sni(char **args, int
*cur_arg, struct proxy *px, stru
static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px,
struct server *newsrv, char **err)
{
newsrv->check.use_ssl = 1;
- if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
- newsrv->ssl_ctx.ciphers =
strdup(global_ssl.connect_default_ciphers);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
- if (global_ssl.connect_default_ciphersuites &&
!newsrv->ssl_ctx.ciphersuites)
- newsrv->ssl_ctx.ciphersuites =
strdup(global_ssl.connect_default_ciphersuites);
-#endif
- newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
- newsrv->ssl_ctx.methods.flags |=
global_ssl.connect_default_sslmethods.flags;
- if (!newsrv->ssl_ctx.methods.min)
- newsrv->ssl_ctx.methods.min =
global_ssl.connect_default_sslmethods.min;
- if (!newsrv->ssl_ctx.methods.max)
- newsrv->ssl_ctx.methods.max =
global_ssl.connect_default_sslmethods.max;
-
+ ssl_sock_init_srv(newsrv);
return 0;
}
@@ -1532,26 +1520,30 @@ static int srv_parse_sni(char **args, int *cur_arg,
struct proxy *px, struct ser
#endif
}
-/* parse the "ssl" server keyword */
-static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct
server *newsrv, char **err)
+/* common function to init ssl_ctx */
+void ssl_sock_init_srv(struct server *s)
{
- newsrv->use_ssl = 1;
- if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
- newsrv->ssl_ctx.ciphers =
strdup(global_ssl.connect_default_ciphers);
+ if (global_ssl.connect_default_ciphers && !s->ssl_ctx.ciphers)
+ s->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
- if (global_ssl.connect_default_ciphersuites &&
!newsrv->ssl_ctx.ciphersuites)
- newsrv->ssl_ctx.ciphersuites =
strdup(global_ssl.connect_default_ciphersuites);
+ if (global_ssl.connect_default_ciphersuites && !s->ssl_ctx.ciphersuites)
+ s->ssl_ctx.ciphersuites =
strdup(global_ssl.connect_default_ciphersuites);
#endif
- newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
- newsrv->ssl_ctx.methods.flags |=
global_ssl.connect_default_sslmethods.flags;
+ s->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
+ s->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
- if (!newsrv->ssl_ctx.methods.min)
- newsrv->ssl_ctx.methods.min =
global_ssl.connect_default_sslmethods.min;
-
- if (!newsrv->ssl_ctx.methods.max)
- newsrv->ssl_ctx.methods.max =
global_ssl.connect_default_sslmethods.max;
+ if (!s->ssl_ctx.methods.min)
+ s->ssl_ctx.methods.min =
global_ssl.connect_default_sslmethods.min;
+ if (!s->ssl_ctx.methods.max)
+ s->ssl_ctx.methods.max =
global_ssl.connect_default_sslmethods.max;
+}
+/* parse the "ssl" server keyword */
+static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct
server *newsrv, char **err)
+{
+ newsrv->use_ssl = 1;
+ ssl_sock_init_srv(newsrv);
return 0;
}
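Review bot: `ssl_sock_init_srv` is declared `void`, so a `strdup()` failure at `s->ssl_ctx.ciphers = strdup(...)` or `s->ssl_ctx.ciphersuites = strdup(...)` is silently lost: the field stays NULL and both callers, `srv_parse_ssl` here and `srv_parse_check_ssl` in the previous hunk, still `return 0` as if the keyword had been applied; the removed code had the same gap, but centralizing the logic is the right moment to close it. I would make the helper return an int, have the callers report the failure through `err` and return an error like the other keyword parsers, and update the prototype in include/haproxy/ssl_sock.h accordingly. The header comment `/* common function to init ssl_ctx */` should also say what the function actually does, since it does not unconditionally initialize: ciphers, ciphersuites, min and max are filled only when unset, while options and method flags are OR'ed in, so calling it after keyword-specific settings keeps those settings. Both functions in this hunk are complete, so nothing is cut off.
```c
/* Apply global_ssl.connect_default_* to <s>->ssl_ctx: ciphers, ciphersuites,
 * methods.min and methods.max are filled in only when unset; options and
 * methods.flags are OR'ed in. Returns 0 on success, -1 if a strdup() fails
 * (the field is left NULL, the caller reports the error).
 */
int ssl_sock_init_srv(struct server *s)
{
	if (global_ssl.connect_default_ciphers && !s->ssl_ctx.ciphers) {
		s->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
		if (!s->ssl_ctx.ciphers)
			return -1;
	}
#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
	if (global_ssl.connect_default_ciphersuites && !s->ssl_ctx.ciphersuites) {
		s->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
		if (!s->ssl_ctx.ciphersuites)
			return -1;
	}
#endif
	/* … unchanged: options, methods.flags, methods.min/max defaults … */
	return 0;
}
```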
--
2.28.0