MEDIUM: ssl: split ssl_sock_add_cert_sni()
In order to allow the creation of sni_ctx at runtime, we need to split
the function to allow rollback.
We need to be able to allocate all sni_ctxs required before inserting
them in case we need to roll back if the allocation did not succeed.
The function was split into 2 parts.
The first one, ckch_inst_add_cert_sni(), allocates a struct sni_ctx, fills
it with the right data and inserts it in the ckch_inst's list of sni_ctx.
The second will take every sni_ctx in the ckch_inst and insert them in
the bind_conf's sni tree.
diff --git a/include/types/ssl_sock.h b/include/types/ssl_sock.h
index 0d6ed63..f7960c2 100644
--- a/include/types/ssl_sock.h
+++ b/include/types/ssl_sock.h
@@ -36,7 +36,8 @@
struct sni_ctx {
SSL_CTX *ctx; /* context associated to the certificate */
int order; /* load order for the certificate */
- uint8_t neg; /* reject if match */
+ uint8_t neg:1; /* reject if match */
+ uint8_t wild:1; /* wildcard sni */
struct pkey_info kinfo; /* pkey info */
struct ssl_bind_conf *conf; /* ssl "bind" conf for the certificate */
struct list by_ckch_inst; /* chained in ckch_inst's list of sni_ctx */
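Review bot: narrowing `neg` from a full `uint8_t` to `uint8_t neg:1` in struct sni_ctx means any writer that stores a value other than 0 or 1 now has it silently truncated to its low bit, so an even non-zero value would read back as 0 and a "reject if match" entry would stop rejecting. Please confirm that every assignment to `neg` (and to the new `wild`) passes a normalised boolean, for example through `!!`, and that nothing takes the address of `neg`, which a bit-field no longer allows. The comment on `wild` could also say what the flag is used for when the sni_ctx is later inserted, since "wildcard sni" alone does not tell a reader of the header how it affects the lookup.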