CLEANUP: server: always include the storage for SSL settings
The SSL stuff in struct server takes less than 3% of it and requires
lots of annoying ifdefs in the code just to take care of the cases
where the field is absent. Let's get rid of this and stop including
openssl-compat from server.c to detect NPN and ALPN capabilities.
This reduces the total LoC by another 0.4%.
(cherry picked from commit 80527bcb9d51d8506c8e7ef95de9c30d30722719)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/server.c b/src/server.c
index ff88dcb..4f692e2 100644
--- a/src/server.c
+++ b/src/server.c
@@ -1827,7 +1827,6 @@
return NULL;
}
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
static struct sample_expr *srv_sni_sample_parse_expr(struct server *srv, struct proxy *px,
const char *file, int linenum, char **err)
{
@@ -1867,7 +1866,6 @@
return 0;
}
-#endif
static void display_parser_err(const char *file, int linenum, char **args, int cur_arg, int err_code, char **err)
{
@@ -1964,14 +1962,11 @@
if (src->ssl_ctx.methods.max)
srv->ssl_ctx.methods.max = src->ssl_ctx.methods.max;
-#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
if (src->ssl_ctx.ciphersuites != NULL)
srv->ssl_ctx.ciphersuites = strdup(src->ssl_ctx.ciphersuites);
-#endif
if (src->sni_expr != NULL)
srv->sni_expr = strdup(src->sni_expr);
-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
if (src->ssl_ctx.alpn_str) {
srv->ssl_ctx.alpn_str = malloc(src->ssl_ctx.alpn_len);
if (srv->ssl_ctx.alpn_str) {
@@ -1980,8 +1975,7 @@
srv->ssl_ctx.alpn_len = src->ssl_ctx.alpn_len;
}
}
-#endif
-#ifdef OPENSSL_NPN_NEGOTIATED
+
if (src->ssl_ctx.npn_str) {
srv->ssl_ctx.npn_str = malloc(src->ssl_ctx.npn_len);
if (srv->ssl_ctx.npn_str) {
@@ -1990,7 +1984,6 @@
srv->ssl_ctx.npn_len = src->ssl_ctx.npn_len;
}
}
-#endif
}
#endif
@@ -2346,13 +2339,13 @@
srv_settings_cpy(newsrv, srv, 1);
srv_prepare_for_resolution(newsrv, srv->hostname);
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+
if (newsrv->sni_expr) {
newsrv->ssl_ctx.sni = srv_sni_sample_parse_expr(newsrv, px, NULL, 0, NULL);
if (!newsrv->ssl_ctx.sni)
goto err;
}
-#endif
+
/* append to list of servers available to receive an hostname */
if (newsrv->srvrq)
LIST_APPEND(&newsrv->srvrq->attached_servers, &newsrv->srv_rec_item);
@@ -2371,9 +2364,7 @@
err:
_srv_parse_set_id_from_prefix(srv, srv->tmpl_info.prefix, srv->tmpl_info.nb_low);
if (newsrv) {
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
release_sample_expr(newsrv->ssl_ctx.sni);
-#endif
free_check(&newsrv->agent);
free_check(&newsrv->check);
LIST_DELETE(&newsrv->global_list);
@@ -2631,7 +2622,6 @@
return err_code;
}
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
/* This function is first intended to be used through parse_server to
* initialize a new server on startup.
*/
@@ -2650,7 +2640,6 @@
return ret;
}
-#endif
/* Server initializations finalization.
* Initialize health check, agent check and SNI expression if enabled.
@@ -2663,9 +2652,7 @@
struct server *srv, struct proxy *px,
int parse_flags, char **errmsg)
{
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
int ret;
-#endif
if (srv->do_check && srv->trackit) {
memprintf(errmsg, "unable to enable checks and tracking at the same time!");
@@ -2678,10 +2665,8 @@
return ERR_ALERT | ERR_FATAL;
}
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
if ((ret = _srv_parse_sni_expr_init(args, cur_arg, srv, px, errmsg)) != 0)
return ret;
-#endif
/* A dynamic server is disabled on startup. It must not be counted as
* an active backend entry.