1berry/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MEDIUM: ssl: replace "crt" lines by "ssl-f-use" lines

Browse Source 
The new "crt" lines in frontend and listen sections are confusing:

- a filename is mandatory but we could need a syntax without the
  filename in the future, if the filename is generated for example
- there is no clue about the fact that its only used on the frontend
  side when reading the line

A new "ssl-f-use" line replaces the "crt" line, but a "crt" keyword
can be used on this line. "f" indicates that this is the frontend
configuration, a "ssl-b-use" keyword could be used in the future.

The "crt" lines only appeared in 3.2-dev so this won't change anything
for people using configurations from previous major versions.
This commit is contained in:
William Lallemand 2025-04-03 16:12:49 +02:00
parent 4715c557e9
commit c7f29afcea
1 changed files with 6 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/cfgparse-ssl.c
View File

@ -2168,24 +2168,19 @@ struct cfg_crt_node {
/* list used for inline crt-list initialization */
static struct list cur_crtlist = LIST_HEAD_INIT(cur_crtlist);
/*
* Parse a "crt" line in a frontend.
* Parse a "ssl-f-use" line in a frontend.
*/
static int proxy_parse_crt(char **args, int section_type, struct proxy *curpx,
const struct proxy *defpx, const char *file, int linenum,
char **err)
static int proxy_parse_ssl_f_use(char **args, int section_type, struct proxy *curpx,
const struct proxy *defpx, const char *file, int linenum,
char **err)
{
int cfgerr = 0;
struct ssl_bind_conf *ssl_conf = NULL;
struct ckch_conf *ckch_conf = NULL;
struct cfg_crt_node *cfg_crt_node = NULL;
int cur_arg = 2;
int cur_arg = 1;
int i;
if (!*args[1]) {
memprintf(err, "parsing [%s:%d] : '%s' : expects a certificate name", file, linenum, args[0]);
goto error;
}
cfg_crt_node = calloc(1, sizeof *cfg_crt_node);
if (!cfg_crt_node) {
memprintf(err, "not enough memory!");
@ -2546,7 +2541,7 @@ static struct cfg_kw_list cfg_kws = {ILH, {
{ CFG_GLOBAL, "ssl-load-extra-files", ssl_parse_global_extra_files },
{ CFG_GLOBAL, "ssl-load-extra-del-ext", ssl_parse_global_extra_noext },
{ CFG_LISTEN, "crt", proxy_parse_crt },
{ CFG_LISTEN, "ssl-f-use", proxy_parse_ssl_f_use },
{ 0, NULL, NULL },
}};