MEDIUM: cfgparse: move ssl-dh-param-file parsing to ssl_sock
This keyword's parser was missing an argument count check, which was added as part of the move.
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 24bccd2..3ed2c22 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1105,22 +1105,6 @@
}
#endif /* SYSTEM_MAXCONN */
}
-#ifdef USE_OPENSSL
-#ifndef OPENSSL_NO_DH
- else if (!strcmp(args[0], "ssl-dh-param-file")) {
- if (*(args[1]) == 0) {
- Alert("parsing [%s:%d] : '%s' expects a file path as an argument.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
- }
- if (ssl_sock_load_global_dh_param_from_file(args[1])) {
- Alert("parsing [%s:%d] : '%s': unable to load DH parameters from file <%s>.\n", file, linenum, args[0], args[1]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
- }
- }
-#endif
-#endif
else if (!strcmp(args[0], "ssl-server-verify")) {
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 0ac7315..06d7cab 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6112,6 +6112,28 @@
}
#ifndef OPENSSL_NO_DH
+/* parse "ssl-dh-param-file".
+ * Returns <0 on alert, >0 on warning, 0 on success.
+ */
+static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
+ struct proxy *defpx, const char *file, int line,
+ char **err)
+{
+ if (too_many_args(1, args, err, NULL))
+ return -1;
+
+ if (*(args[1]) == 0) {
+ memprintf(err, "'%s' expects a file path as an argument.", args[0]);
+ return -1;
+ }
+
+ if (ssl_sock_load_global_dh_param_from_file(args[1])) {
+ memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
+ return -1;
+ }
+ return 0;
+}
+
/* parse "ssl.default-dh-param".
* Returns <0 on alert, >0 on warning, 0 on success.
*/
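Review bot: In ssl_parse_global_dh_param_file() the only validation on the new side is the argument count and a non-empty path; nothing in this hunk checks the size of the DH group that gets installed globally, so whether an undersized group is refused or warned about depends entirely on ssl_sock_load_global_dh_param_from_file(), which is not shown here. If that loader does not check it, this parser is the natural place to report it, since the header comment already allows returning >0 with a warning in `err`, a path the function never takes today. The failure message also gives no cause (missing file, unreadable, not valid parameters), so I would at least add a comment above the load call such as `/* group size is not checked here; the loader must reject malformed or weak parameters */` to make the gap visible. A repeated ssl-dh-param-file line appears to call the loader a second time, and it is worth confirming that the loader releases the previously loaded parameters.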
@@ -6539,6 +6561,9 @@
{ CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
{ CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
{ CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
+#ifndef OPENSSL_NO_DH
+ { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
+#endif
{ CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
#ifndef OPENSSL_NO_DH
{ CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },