MEDIUM: ssl/ckch: add filename and linenum argument to crt-store parsing

Add filename and linenum arguments to the crt-store / ckch_conf parsing.

This makes them available to the parsing functions so that they can emit errors.
William Lallemand 2025-04-02 11:40:42 +02:00
parent 00c967fac4
commit 20718f40b6
5 changed files with 25 additions and 25 deletions


@ -192,7 +192,7 @@ struct ckch_conf_kws {
const char *name; const char *name;
ssize_t offset; ssize_t offset;
enum parse_type_t type; enum parse_type_t type;
int (*func)(void *value, char *buf, struct ckch_data *d, int cli, char **err); int (*func)(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err);
}; };
extern struct ckch_conf_kws ckch_conf_kws[]; extern struct ckch_conf_kws ckch_conf_kws[];


@ -41,13 +41,13 @@ int ssl_sock_load_issuer_file_into_ckch(const char *path, char *buf, struct ckch
/* ckch_store functions */ /* ckch_store functions */
struct ckch_store *ckch_store_new_load_files_path(char *path, char **err); struct ckch_store *ckch_store_new_load_files_path(char *path, char **err);
struct ckch_store *ckch_store_new_load_files_conf(char *name, struct ckch_conf *conf, char **err); struct ckch_store *ckch_store_new_load_files_conf(char *name, struct ckch_conf *conf, const char *filename, int linenum, char **err);
struct ckch_store *ckchs_lookup(char *path); struct ckch_store *ckchs_lookup(char *path);
struct ckch_store *ckchs_dup(const struct ckch_store *src); struct ckch_store *ckchs_dup(const struct ckch_store *src);
struct ckch_store *ckch_store_new(const char *filename); struct ckch_store *ckch_store_new(const char *filename);
void ckch_store_free(struct ckch_store *store); void ckch_store_free(struct ckch_store *store);
void ckch_store_replace(struct ckch_store *old_ckchs, struct ckch_store *new_ckchs); void ckch_store_replace(struct ckch_store *old_ckchs, struct ckch_store *new_ckchs);
int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, int cli, char **err); int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, int cli, const char *file, int linenum, char **err);
/* ckch_conf functions */ /* ckch_conf functions */
@ -89,19 +89,19 @@ extern int (*ssl_commit_crlfile_cb)(const char *path, X509_STORE *ctx, char **er
* The following macro allow to declare a wrapper on function that actually load files * The following macro allow to declare a wrapper on function that actually load files
* *
*/ */
#define DECLARE_CKCH_CONF_LOAD(name, base, callback) \ #define DECLARE_CKCH_CONF_LOAD(name, base, callback) \
static inline int ckch_conf_load_##name(void *value, char *buf, struct ckch_data *d, int cli, char **err) \ static inline int ckch_conf_load_##name(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err) \
{ \ { \
char path[PATH_MAX]; \ char path[PATH_MAX]; \
int err_code = 0; \ int err_code = 0; \
if (cli) \ if (cli) \
return 0; \ return 0; \
err_code |= path_base(value, (base), path, err); \ err_code |= path_base(value, (base), path, err); \
if (err_code & ERR_CODE) \ if (err_code & ERR_CODE) \
goto out; \ goto out; \
err_code |= (callback)(path, buf, d, err); \ err_code |= (callback)(path, buf, d, err); \
out: \ out: \
return err_code; \ return err_code; \
}; };
#endif /* USE_OPENSSL */ #endif /* USE_OPENSSL */
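Review bot: In the DECLARE_CKCH_CONF_LOAD wrapper the new `filename` and `linenum` parameters are accepted but never used, and `(callback)(path, buf, d, err)` is still called without them, so an error raised while loading a file through these wrappers still cannot name the configuration line that referenced it. If that is intentional for this step, a comment above the macro would say so, for example `/* filename/linenum: config location of the keyword, not yet used by the generated wrapper */`. The prototypes in this header also call the same argument `filename` in ckch_store_new_load_files_conf and `file` in ckch_store_load_files, while the definition of ckch_store_new_load_files_conf uses `file`. Using `file` throughout would avoid confusion with `ckch_store_new(const char *filename)`, where the name appears to mean the store's own path.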


@ -55,7 +55,7 @@ void ssl_destroy_ocsp_update_task(void);
int ssl_ocsp_update_insert(struct certificate_ocsp *ocsp); int ssl_ocsp_update_insert(struct certificate_ocsp *ocsp);
int ocsp_update_init(void *value, char *buf, struct ckch_data *d, int cli, char **err); int ocsp_update_init(void *value, char *buf, struct ckch_data *d, int cli, const char *filename, int linenum, char **err);
#endif /* (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) */ #endif /* (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) */


@ -1095,7 +1095,7 @@ end:
* This function allocate a ckch_store and populate it with certificates using * This function allocate a ckch_store and populate it with certificates using
* the ckch_conf structure. * the ckch_conf structure.
*/ */
struct ckch_store *ckch_store_new_load_files_conf(char *name, struct ckch_conf *conf, char **err) struct ckch_store *ckch_store_new_load_files_conf(char *name, struct ckch_conf *conf, const char *file, int linenum, char **err)
{ {
struct ckch_store *ckchs; struct ckch_store *ckchs;
int cfgerr = ERR_NONE; int cfgerr = ERR_NONE;
@ -1120,7 +1120,7 @@ struct ckch_store *ckch_store_new_load_files_conf(char *name, struct ckch_conf *
} }
/* load files using the ckch_conf */ /* load files using the ckch_conf */
cfgerr = ckch_store_load_files(conf, ckchs, 0, err); cfgerr = ckch_store_load_files(conf, ckchs, 0, file, linenum, err);
if (cfgerr & ERR_FATAL) if (cfgerr & ERR_FATAL)
goto end; goto end;
@ -4560,7 +4560,7 @@ struct ckch_conf_kws ckch_conf_kws[] = {
/* crt-store does not try to find files, but use the stored filename */ /* crt-store does not try to find files, but use the stored filename */
int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, int cli, char **err) int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, int cli, const char *file, int linenum, char **err)
{ {
int i; int i;
int err_code = 0; int err_code = 0;
@ -4587,7 +4587,7 @@ int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, int cli, ch
if (!v) if (!v)
goto next; goto next;
rc = ckch_conf_kws[i].func(v, NULL, d, cli, err); rc = ckch_conf_kws[i].func(v, NULL, d, cli, file, linenum, err);
if (rc) { if (rc) {
err_code |= ERR_ALERT | ERR_FATAL; err_code |= ERR_ALERT | ERR_FATAL;
memprintf(err, "%s '%s' cannot be read or parsed.", err && *err ? *err : "", v); memprintf(err, "%s '%s' cannot be read or parsed.", err && *err ? *err : "", v);
@ -4600,7 +4600,7 @@ int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, int cli, ch
case PARSE_TYPE_ONOFF: case PARSE_TYPE_ONOFF:
{ {
int v = *(int *)src; int v = *(int *)src;
rc = ckch_conf_kws[i].func(&v, NULL, d, cli, err); rc = ckch_conf_kws[i].func(&v, NULL, d, cli, file, linenum, err);
if (rc) { if (rc) {
err_code |= ERR_ALERT | ERR_FATAL; err_code |= ERR_ALERT | ERR_FATAL;
memprintf(err, "%s '%d' cannot be read or parsed.", err && *err ? *err : "", v); memprintf(err, "%s '%d' cannot be read or parsed.", err && *err ? *err : "", v);
@ -5001,7 +5001,7 @@ static int crtstore_parse_load(char **args, int section_type, struct proxy *curp
if (!c) if (!c)
goto alloc_error; goto alloc_error;
err_code |= ckch_store_load_files(&f, c, 0, err); err_code |= ckch_store_load_files(&f, c, 0, file, linenum, err);
if (err_code & ERR_FATAL) if (err_code & ERR_FATAL)
goto out; goto out;
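Review bot: The comment above ckch_store_load_files ("crt-store does not try to find files, but use the stored filename") does not describe the new `file` and `linenum` arguments, and nothing tells the authors of the `ckch_conf_kws[i].func` callbacks what they may assume about them. The CLI caller elsewhere in this commit passes a label rather than a real path, so the contract should state that `file` is a display string for diagnostics only and must not be opened or used to resolve relative paths. I would extend the comment with `/* <file>/<linenum> locate the keyword for error reporting only; <file> may be a label such as "CLI" and is never a path to load */`. The function body continues outside the hunks shown, so whether `file` can be NULL on some path is not visible here.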


@ -530,7 +530,7 @@ int crtlist_load_crt(char *crt_path, struct ckch_conf *cc, struct crtlist *newli
} }
} }
ckchs = ckch_store_new_load_files_conf(crt_path, cc, err); ckchs = ckch_store_new_load_files_conf(crt_path, cc, file, linenum, err);
if (ckchs == NULL) { if (ckchs == NULL) {
cfgerr |= ERR_ALERT | ERR_FATAL; cfgerr |= ERR_ALERT | ERR_FATAL;
goto error; goto error;
@ -1436,7 +1436,7 @@ static int cli_parse_add_crtlist(char **args, char *payload, struct appctx *appc
store->conf = cc; store->conf = cc;
/* fresh new, run more init (for example init ocsp-update tasks) */ /* fresh new, run more init (for example init ocsp-update tasks) */
cfgerr |= ckch_store_load_files(&cc, store, 1, &err); cfgerr |= ckch_store_load_files(&cc, store, 1, "CLI", 1, &err);
if (cfgerr & ERR_FATAL) if (cfgerr & ERR_FATAL)
goto error; goto error;
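Review bot: In cli_parse_add_crtlist the call `ckch_store_load_files(&cc, store, 1, "CLI", 1, &err)` passes a fabricated line number, so any message a parsing function later formats from these arguments would point an operator at line 1 of a file named "CLI". A comment at the call site would make the placeholder explicit, for example `/* no config file on this path: "CLI"/1 are placeholders for error reporting */`. Better still, callbacks could skip the file:line prefix when `cli` is set, since that flag is already passed alongside. In crtlist_load_crt the `file` and `linenum` passed to ckch_store_new_load_files_conf are declared outside the hunk, so their origin cannot be checked from here.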