commit 24bde43eab0db67482b3cd1769b8d3cb48e37a24
author William Lallemand <wlallemand@haproxy.com> Mon Mar 09 16:48:43 2020 +0100
committer William Lallemand <wlallemand@haproxy.org> Mon Mar 16 16:18:49 2020 +0100
tree 7c4d03d39405099eb1d749264cfcb3f03c01c13f
parent 06b22a8fba5a33536671684c1820ac611cc3ce63

MINOR: ssl: pass ckch_inst to ssl_sock_load_ckchs()

Pass a pointer to the struct ckch_inst to the ssl_sock_load_ckchs()
function so we can manipulate the ckch_inst from
ssl_sock_load_cert_list_file() and ssl_sock_load_cert().

src/ssl_sock.c

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index edf4f92..1ff9856 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4406,24 +4406,23 @@
 /* Returns a set of ERR_* flags possibly with an error in <err>. */
 static int ssl_sock_load_ckchs(const char *path, struct ckch_store *ckchs,
                                struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
-                               char **sni_filter, int fcount, char **err)
+                               char **sni_filter, int fcount, struct ckch_inst **ckch_inst, char **err)
 {
-	struct ckch_inst *ckch_inst = NULL;
 	int errcode = 0;
 
 	/* we found the ckchs in the tree, we can use it directly */
 	if (ckchs->multi)
-		errcode |= ckch_inst_new_load_multi_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, &ckch_inst, err);
+		errcode |= ckch_inst_new_load_multi_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, ckch_inst, err);
 	else
-		errcode |= ckch_inst_new_load_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, &ckch_inst, err);
+		errcode |= ckch_inst_new_load_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, ckch_inst, err);
 
 	if (errcode & ERR_CODE)
 		return errcode;
 
-	ssl_sock_load_cert_sni(ckch_inst, bind_conf);
+	ssl_sock_load_cert_sni(*ckch_inst, bind_conf);
 
 	/* succeed, add the instance to the ckch_store's list of instance */
-	LIST_ADDQ(&ckchs->ckch_inst, &ckch_inst->by_ckchs);
+	LIST_ADDQ(&ckchs->ckch_inst, &((*ckch_inst)->by_ckchs));
 	return errcode;
 }
 
@@ -4456,6 +4455,7 @@
 	else {
 		for (i = 0; i < n; i++) {
 			struct dirent *de = de_list[i];
+			struct ckch_inst *ckch_inst = NULL;
 
 			end = strrchr(de->d_name, '.');
 			if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl") || !strcmp(end, ".key")))
@@ -4505,7 +4505,7 @@
 					if (!ckchs)
 						cfgerr |= ERR_ALERT | ERR_FATAL;
 					else
-						cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
+						cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, &ckch_inst, err);
 					/* Successfully processed the bundle */
 					goto ignore_entry;
 				}
@@ -4517,7 +4517,7 @@
 			if (!ckchs)
 				cfgerr |= ERR_ALERT | ERR_FATAL;
 			else
-				cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
+				cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, &ckch_inst, err);
 
 ignore_entry:
 			free(de);
@@ -4598,6 +4598,7 @@
 		char *line = thisline;
 		char *crt_path;
 		struct ssl_bind_conf *ssl_conf = NULL;
+		struct ckch_inst *ckch_inst = NULL;
 
 		linenum++;
 		end = line + strlen(line);
@@ -4722,7 +4723,7 @@
 		if (!ckchs)
 			cfgerr |= ERR_ALERT | ERR_FATAL;
 		else
-			cfgerr |= ssl_sock_load_ckchs(crt_path, ckchs, bind_conf, ssl_conf, &args[cur_arg], arg - cur_arg - 1, err);
+			cfgerr |= ssl_sock_load_ckchs(crt_path, ckchs, bind_conf, ssl_conf, &args[cur_arg], arg - cur_arg - 1, &ckch_inst, err);
 
 		if (cfgerr) {
 			memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
@@ -4740,10 +4741,11 @@
 	char fp[MAXPATHLEN+1];
 	int cfgerr = 0;
 	struct ckch_store *ckchs;
+	struct ckch_inst *ckch_inst = NULL;
 
 	if ((ckchs = ckchs_lookup(path))) {
 		/* we found the ckchs in the tree, we can use it directly */
-		return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
+		return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, &ckch_inst, err);
 	}
 	if (stat(path, &buf) == 0) {
 		if (S_ISDIR(buf.st_mode) == 0) {
@@ -4751,7 +4753,7 @@
 			if (!ckchs)
 				return ERR_ALERT | ERR_FATAL;
 
-			return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
+			return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, &ckch_inst, err);
 		} else {
 			return ssl_sock_load_cert_dir(path, bind_conf, err);
 		}
@@ -4762,7 +4764,7 @@
 			ckchs =  ckchs_load_cert_file(path, 1,  err);
 			if (!ckchs)
 				return ERR_ALERT | ERR_FATAL;
-			cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
+			cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, &ckch_inst, err);
 		} else {
 			memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
 			          err && *err ? *err : "", fp, strerror(errno));