CLEANUP: listener: replace bind_conf->generate_cers with BC_O_GENERATE_CERTS
The new flag will now replace this boolean variable.
diff --git a/include/haproxy/listener-t.h b/include/haproxy/listener-t.h
index 54546d1..ac50a46 100644
--- a/include/haproxy/listener-t.h
+++ b/include/haproxy/listener-t.h
@@ -115,6 +115,7 @@
/* flags used with bind_conf->options */
#define BC_O_USE_SSL 0x00000001 /* SSL is being used on this bind_conf */
+#define BC_O_GENERATE_CERTS 0x00000002 /* 1 if generate-certificates option is set, else 0 */
/* flags used with bind_conf->ssl_options */
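Review bot: The comment on the new `BC_O_GENERATE_CERTS` define was carried over from the removed `int generate_certs` field and still reads "1 if generate-certificates option is set, else 0", which describes a boolean rather than a bit in `bind_conf->options`. Wording in line with the neighbouring `BC_O_USE_SSL` entry would be clearer, for example `/* generate-certificates option is set on this bind_conf */`. Judging from the ssl_sock.c hunks, this bit decides whether the SNI callbacks may generate certificates, so an accurate description helps anyone auditing which binds have that ability.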
@@ -181,7 +182,6 @@
const struct mux_proto_list *mux_proto; /* the mux to use for all incoming connections (specified by the "proto" keyword) */
struct xprt_ops *xprt; /* transport-layer operations for all listeners */
uint options; /* set of BC_O_* flags */
- int generate_certs; /* 1 if generate-certificates option is set, else 0 */
int level; /* stats access level (ACCESS_LVL_*) */
int severity_output; /* default severity output format in cli feedback messages */
struct list listeners; /* list of listeners using this bind config */
diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 33d0bdb..fad0828 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -1151,7 +1151,7 @@
static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
{
#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
- conf->generate_certs = 1;
+ conf->options |= BC_O_GENERATE_CERTS;
#else
memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
err && *err ? *err : "");
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 507bc0c..472bf55 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2557,7 +2557,7 @@
struct bind_conf *s = priv;
(void)al; /* shut gcc stupid warning */
- if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
+ if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || (s->options & BC_O_GENERATE_CERTS))
return SSL_TLSEXT_ERR_OK;
return SSL_TLSEXT_ERR_NOACK;
}
@@ -2664,7 +2664,7 @@
servername_len = len;
} else {
#if (!defined SSL_NO_GENERATE_CERTIFICATES)
- if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
+ if (s->options & BC_O_GENERATE_CERTS && ssl_sock_generate_certificate_from_conn(s, ssl)) {
goto allow_early;
}
#endif
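Review bot: The flag test in this hunk is written `s->options & BC_O_GENERATE_CERTS && ...` without parentheses, while the same commit parenthesizes it in the hunk at -2557 and in the two `!(...)` tests further down. C precedence makes `&` bind before `&&`, so behaviour is unchanged, but mixing bitwise and logical operators without grouping is easy to misread and easy to break in a later edit. I would write `if ((s->options & BC_O_GENERATE_CERTS) && ssl_sock_generate_certificate_from_conn(s, ssl)) {`. The same applies to the hunks at -2827, -2897 and -2939. The enclosing functions start and end outside these hunks.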
@@ -2827,7 +2827,7 @@
HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
#if (!defined SSL_NO_GENERATE_CERTIFICATES)
- if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
+ if (s->options & BC_O_GENERATE_CERTS && ssl_sock_generate_certificate(trash.area, s, ssl)) {
/* switch ctx done in ssl_sock_generate_certificate */
goto allow_early;
}
@@ -2897,7 +2897,7 @@
servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
if (!servername) {
#if (!defined SSL_NO_GENERATE_CERTIFICATES)
- if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
+ if (s->options & BC_O_GENERATE_CERTS && ssl_sock_generate_certificate_from_conn(s, ssl))
return SSL_TLSEXT_ERR_OK;
#endif
if (s->strict_sni)
@@ -2939,7 +2939,7 @@
}
if (!node) {
#if (!defined SSL_NO_GENERATE_CERTIFICATES)
- if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
+ if (s->options & BC_O_GENERATE_CERTS && ssl_sock_generate_certificate(servername, s, ssl)) {
/* switch ctx done in ssl_sock_generate_certificate */
HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
return SSL_TLSEXT_ERR_OK;
@@ -5453,7 +5453,7 @@
return 0;
}
if (!bind_conf->default_ctx) {
- if (bind_conf->strict_sni && !bind_conf->generate_certs) {
+ if (bind_conf->strict_sni && !(bind_conf->options & BC_O_GENERATE_CERTS)) {
ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
}
@@ -5606,7 +5606,7 @@
int ret = 0;
char *err = NULL;
- if (!bind_conf->generate_certs)
+ if (!(bind_conf->options & BC_O_GENERATE_CERTS))
return ret;
#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
@@ -5657,7 +5657,7 @@
free(ckch);
}
- bind_conf->generate_certs = 0;
+ bind_conf->options &= ~BC_O_GENERATE_CERTS;
ret++;
return ret;
}