Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 340ef2502eae2a37781e460d3590982c0e437fbd^! / .
commit340ef2502eae2a37781e460d3590982c0e437fbd[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Wed Oct 06 11:23:32 2021 +0200
committerWilly Tarreau <w@1wt.eu>Thu Oct 07 01:36:51 2021 +0200
tree1317aceec6b6d6ae211d2a68e8409723cd622b4c
parentb0d81946842e64b241ade4a9e051ac5ab9959c7c [diff]
CLEANUP: servers: do not include openssl-compat

This is exactly the same as for listeners, servers only include
openssl-compat to provide the SSL_CTX type to use as two pointers to
contexts, and to detect if NPN, ALPN, and cipher suites are supported,
and save up to 5 pointers in the ssl_ctx struct if not supported. This
is pointless, as these ones have all been supported for about a decade,
and including this file comes with a long dependency chain that impacts
lots of other files. The ctx was made a void*.

Now the build time was significantly reduced, from 9.2 to 8.1 seconds,
thanks to opensslconf.h being included "only" 456 times instead of 2424
previously!

The total number of lines of code compiled was reduced by 15%.

diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h
index 15f2df3..fbd3cb7 100644
--- a/include/haproxy/server-t.h
+++ b/include/haproxy/server-t.h

@@ -35,10 +35,8 @@
 #include <haproxy/freq_ctr-t.h>
 #include <haproxy/listener-t.h>
 #include <haproxy/obj_type-t.h>
-#include <haproxy/openssl-compat.h>
 #include <haproxy/queue-t.h>
 #include <haproxy/resolvers-t.h>
-#include <haproxy/ssl_sock-t.h>
 #include <haproxy/stats-t.h>
 #include <haproxy/task-t.h>
 #include <haproxy/thread-t.h>
@@ -330,7 +328,7 @@
 
 	char *sni_expr;             /* Temporary variable to store a sample expression for SNI */
 	struct {
-		SSL_CTX *ctx;
+		void *ctx;
 		struct {
 			unsigned char *ptr;
 			int size;
@@ -341,9 +339,7 @@
 		__decl_thread(HA_RWLOCK_T lock); /* lock the cache and SSL_CTX during commit operations */
 
 		char *ciphers;			/* cipher suite to use if non-null */
-#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
 		char *ciphersuites;			/* TLS 1.3 cipher suite to use if non-null */
-#endif
 		int options;			/* ssl options */
 		int verify;			/* verify method (set of SSL_VERIFY_* flags) */
 		struct tls_version_filter methods;	/* ssl methods */
@@ -351,14 +347,10 @@
 		char *ca_file;			/* CAfile to use on verify */
 		char *crl_file;			/* CRLfile to use on verify */
 		struct sample_expr *sni;        /* sample expression for SNI */
-#ifdef OPENSSL_NPN_NEGOTIATED
 		char *npn_str;                  /* NPN protocol string */
 		int npn_len;                    /* NPN protocol string length */
-#endif
-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
 		char *alpn_str;                 /* ALPN protocol string */
 		int alpn_len;                   /* ALPN protocol string length */
-#endif
 	} ssl_ctx;
 #ifdef USE_QUIC
 	struct quic_transport_params quic_params; /* QUIC transport parameters */