Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 170b35bb9588500106067c6c22de3d708e314da1^! / .
commit170b35bb9588500106067c6c22de3d708e314da1[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Thu May 05 09:09:15 2022 +0200
committerWilly Tarreau <w@1wt.eu>Fri May 06 18:13:36 2022 +0200
tree391dc34557c2c86c2a1c7e13c6aca6a7b9fe02f7
parent9c5a38c1b89eec9aa8355388755cb7742cf5440a [diff]
CLEANUP: ssl/cli: make "show ssl ocsp-response" not use cli.p0 anymore

Instead the single-pointer context is placed into appctx->svcctx.
There's no need to declare a structure there for this.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 161fb33..e8e0eab 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -7425,7 +7425,9 @@
 static int cli_io_handler_show_ocspresponse_detail(struct appctx *appctx);
 #endif
 
-/* parsing function for 'show ssl ocsp-response [id]' */
+/* parsing function for 'show ssl ocsp-response [id]'. If an entry is forced,
+ * it's set into appctx->svcctx.
+ */
 static int cli_parse_show_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
 {
 #if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
@@ -7452,7 +7454,7 @@
 			return cli_err(appctx, "Certificate ID does not match any certificate.\n");
 		}
 
-		appctx->ctx.cli.p0 = ocsp;
+		appctx->svcctx = ocsp;
 		appctx->io_handler = cli_io_handler_show_ocspresponse_detail;
 	}
 
@@ -7493,6 +7495,7 @@
 /*
  * IO handler of "show ssl ocsp-response". The command taking a specific ID
  * is managed in cli_io_handler_show_ocspresponse_detail.
+ * The current entry is taken from appctx->svcctx.
  */
 static int cli_io_handler_show_ocspresponse(struct appctx *appctx)
 {
@@ -7515,11 +7518,11 @@
 	if ((bio = BIO_new(BIO_s_mem())) == NULL)
 		goto end;
 
-	if (!appctx->ctx.cli.p0) {
+	if (!appctx->svcctx) {
 		chunk_appendf(trash, "# Certificate IDs\n");
 		node = ebmb_first(&cert_ocsp_tree);
 	} else {
-		node = &((struct certificate_ocsp *)appctx->ctx.cli.p0)->key;
+		node = &((struct certificate_ocsp *)appctx->svcctx)->key;
 	}
 
 	while (node) {
@@ -7562,7 +7565,7 @@
 	}
 
 end:
-	appctx->ctx.cli.p0 = NULL;
+	appctx->svcctx = NULL;
 	if (trash)
 		free_trash_chunk(trash);
 	if (tmp)
@@ -7579,7 +7582,7 @@
 		free_trash_chunk(tmp);
 	if (bio)
 		BIO_free(bio);
-	appctx->ctx.cli.p0 = ocsp;
+	appctx->svcctx = ocsp;
 	return 0;
 #else
 	return cli_err(appctx, "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n");
@@ -7760,15 +7763,15 @@
 }
 
 
-/* IO handler of details "show ssl ocsp-response <id>". */
+/* IO handler of details "show ssl ocsp-response <id>".
+ * The current entry is taken from appctx->svcctx.
+ */
 static int cli_io_handler_show_ocspresponse_detail(struct appctx *appctx)
 {
 	struct buffer *trash = alloc_trash_chunk();
-	struct certificate_ocsp *ocsp = NULL;
+	struct certificate_ocsp *ocsp = appctx->svcctx;
 	struct conn_stream *cs = appctx->owner;
 
-	ocsp = appctx->ctx.cli.p0;
-
 	if (trash == NULL)
 		return 1;
 
@@ -7781,7 +7784,8 @@
 		cs_rx_room_blk(cs);
 		goto yield;
 	}
-	appctx->ctx.cli.p0 = NULL;
+
+	appctx->svcctx = NULL;
 	if (trash)
 		free_trash_chunk(trash);
 	return 1;