Hello HAProxy Team, This patch addresses issue https://github.com/haproxy/haproxy/issues/3246 by clarifying error messages for SSL keywords that are often conditionally compiled.
Previously, if a user tried to use a keyword like 'ssl-dh-param-file' when HAProxy was compiled with -DOPENSSL_NO_DH, the config parser would report "unknown keyword", which gave no hint about the root cause. With this change, the keywords are always registered, but their parsing helper functions explicitly check for feature support and return descriptive errors like: "'ssl-dh-param-file' is not supported by this SSL library (compiled with OPENSSL_NO_DH)." Refactored keywords include: - ssl-dh-param-file - ssl-engine - ssl-propquery, ssl-provider, ssl-provider-path - ssl-default-bind-curves, ssl-default-server-curves - ssl-default-bind-sigalgs, ssl-default-server-sigalgs - ssl-default-bind-client-sigalgs, ssl-default-server-client-sigalgs The change is localized to src/cfgparse-ssl.c and involves moving #ifdef guards from the keyword registration list into the parsing functions. Please review and leave comments. Thanks, Hyeonggeun. Hyeonggeun Oh (1): MINOR: ssl: clarify error reporting for unsupported keywords src/cfgparse-ssl.c | 65 ++++++++++++++++++++++++++++------------------ 1 file changed, 40 insertions(+), 25 deletions(-) -- 2.48.1
