MEDIUM: ssl/ckch: add filename and linenum argument to crt-store parsing

Add filename and linenum arguments to the crt-store / ckch_conf parsing.

It allows to use them in the parsing function so we could emits error.

include/haproxy/ssl_ckch-t.h

@@ -192,7 +192,7 @@ struct ckch_conf_kws {
 	const char *name;
 	ssize_t offset;
 	enum parse_type_t type;
-	int (*func)(void *value, char *buf, struct ckch_data *d, int cli, char **err);
+	int (*func)(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err);
 };
 
 extern struct ckch_conf_kws ckch_conf_kws[];

include/haproxy/ssl_ckch.h

@@ -41,13 +41,13 @@ int ssl_sock_load_issuer_file_into_ckch(const char *path, char *buf, struct ckch
 
 /* ckch_store functions */
 struct ckch_store *ckch_store_new_load_files_path(char *path, char **err);
-struct ckch_store *ckch_store_new_load_files_conf(char *name, struct ckch_conf *conf, char **err);
+struct ckch_store *ckch_store_new_load_files_conf(char *name, struct ckch_conf *conf, const char *filename, int linenum, char **err);
 struct ckch_store *ckchs_lookup(char *path);
 struct ckch_store *ckchs_dup(const struct ckch_store *src);
 struct ckch_store *ckch_store_new(const char *filename);
 void ckch_store_free(struct ckch_store *store);
 void ckch_store_replace(struct ckch_store *old_ckchs, struct ckch_store *new_ckchs);
-int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, int cli, char **err);
+int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, int cli, const char *file, int linenum, char **err);
 
 /* ckch_conf functions */
 
@@ -90,7 +90,7 @@ extern int (*ssl_commit_crlfile_cb)(const char *path, X509_STORE *ctx, char **er
  *
  */
 #define DECLARE_CKCH_CONF_LOAD(name, base, callback)                                                                                           \
-static inline int ckch_conf_load_##name(void *value, char *buf, struct ckch_data *d, int cli, char **err)   \
+static inline int ckch_conf_load_##name(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err)   \
 {                                                                                                                                              \
 	char path[PATH_MAX];                                                                                                                   \
 	int err_code = 0;                                                                                                                      \

include/haproxy/ssl_ocsp.h

@@ -55,7 +55,7 @@ void ssl_destroy_ocsp_update_task(void);
 
 int ssl_ocsp_update_insert(struct certificate_ocsp *ocsp);
 
-int ocsp_update_init(void *value, char *buf, struct ckch_data *d, int cli, char **err);
+int ocsp_update_init(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err);
 
 #endif /* (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) */
 

src/ssl_ckch.c

@@ -1095,7 +1095,7 @@ end:
  * This function allocate a ckch_store and populate it with certificates using
  * the ckch_conf structure.
  */
-struct ckch_store *ckch_store_new_load_files_conf(char *name, struct ckch_conf *conf, char **err)
+struct ckch_store *ckch_store_new_load_files_conf(char *name, struct ckch_conf *conf, const char *file, int linenum, char **err)
 {
 	struct ckch_store *ckchs;
 	int cfgerr = ERR_NONE;
@@ -1120,7 +1120,7 @@ struct ckch_store *ckch_store_new_load_files_conf(char *name, struct ckch_conf *
 	}
 
 	/* load files using the ckch_conf */
-	cfgerr = ckch_store_load_files(conf, ckchs, 0, err);
+	cfgerr = ckch_store_load_files(conf, ckchs, 0, file, linenum, err);
 	if (cfgerr & ERR_FATAL)
 		goto end;
 
@@ -4560,7 +4560,7 @@ struct ckch_conf_kws ckch_conf_kws[] = {
 
 
 /* crt-store does not try to find files, but use the stored filename */
-int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, int cli, char **err)
+int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, int cli, const char *file, int linenum, char **err)
 {
 	int i;
 	int err_code = 0;
@@ -4587,7 +4587,7 @@ int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, int cli, ch
 				if (!v)
 					goto next;
 
-				rc = ckch_conf_kws[i].func(v, NULL, d, cli, err);
+				rc = ckch_conf_kws[i].func(v, NULL, d, cli, file, linenum, err);
 				if (rc) {
 					err_code |= ERR_ALERT | ERR_FATAL;
 					memprintf(err, "%s '%s' cannot be read or parsed.", err && *err ? *err : "", v);
@@ -4600,7 +4600,7 @@ int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, int cli, ch
 			case PARSE_TYPE_ONOFF:
 			{
 				int v = *(int *)src;
-				rc = ckch_conf_kws[i].func(&v, NULL, d, cli, err);
+				rc = ckch_conf_kws[i].func(&v, NULL, d, cli, file, linenum, err);
 				if (rc) {
 					err_code |= ERR_ALERT | ERR_FATAL;
 					memprintf(err, "%s '%d' cannot be read or parsed.", err && *err ? *err : "", v);
@@ -5001,7 +5001,7 @@ static int crtstore_parse_load(char **args, int section_type, struct proxy *curp
 	if (!c)
 		goto alloc_error;
 
-	err_code |= ckch_store_load_files(&f, c,  0, err);
+	err_code |= ckch_store_load_files(&f, c,  0, file, linenum, err);
 	if (err_code & ERR_FATAL)
 		goto out;
 

src/ssl_crtlist.c

@@ -530,7 +530,7 @@ int crtlist_load_crt(char *crt_path, struct ckch_conf *cc, struct crtlist *newli
 				}
 			}
 
-			ckchs = ckch_store_new_load_files_conf(crt_path, cc, err);
+			ckchs = ckch_store_new_load_files_conf(crt_path, cc, file, linenum, err);
 			if (ckchs == NULL) {
 				cfgerr |= ERR_ALERT | ERR_FATAL;
 				goto error;
@@ -1436,7 +1436,7 @@ static int cli_parse_add_crtlist(char **args, char *payload, struct appctx *appc
 
 		store->conf = cc;
 		/* fresh new, run more init (for example init ocsp-update tasks) */
-		cfgerr |= ckch_store_load_files(&cc, store, 1, &err);
+		cfgerr |= ckch_store_load_files(&cc, store, 1, "CLI", 1, &err);
 		if (cfgerr & ERR_FATAL)
 			goto error;