MINOR: ssl: clean unused ACLs declarations
Now those ACLs are automatically created from pattern fetch declare.
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 186be3e..ac004e7 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -10309,33 +10309,21 @@
For instance, "ssl_c_i_dn(OU,2)" the second organization unit, and
"ssl_c_i_dn(CN)" retrieves the common name.
- ACL derivatives :
- ssl_c_i_dn([<entry>[,<occ>]]) : exact string match
-
ssl_c_key_alg : string
Returns the name of the algorithm used to generate the key of the certificate
presented by the client when the incoming connection was made over an SSL/TLS
transport layer.
- ACL derivatives :
- ssl_c_key_alg : exact string match
-
ssl_c_notafter : string
Returns the end date presented by the client as a formatted string
YYMMDDhhmmss[Z] when the incoming connection was made over an SSL/TLS
transport layer.
- ACL derivatives :
- ssl_c_notafter : exact string match
-
ssl_c_notbefore : string
Returns the start date presented by the client as a formatted string
YYMMDDhhmmss[Z] when the incoming connection was made over an SSL/TLS
transport layer.
- ACL derivatives :
- ssl_c_notbefore : exact string match
-
ssl_c_s_dn([<entry>[,<occ>]]) : string
When the incoming connection was made over an SSL/TLS transport layer,
returns the full distinguished name of the subject of the certificate
@@ -10346,17 +10334,11 @@
For instance, "ssl_c_s_dn(OU,2)" the second organization unit, and
"ssl_c_s_dn(CN)" retrieves the common name.
- ACL derivatives :
- ssl_c_s_dn([<entry>[,<occ>]]) : exact string match
-
ssl_c_serial : binary
Returns the serial of the certificate presented by the client when the
incoming connection was made over an SSL/TLS transport layer. When used for
an ACL, the value(s) to match against can be passed in hexadecimal form.
- ACL derivatives :
- ssl_c_serial : hex block match
-
ssl_c_sha1 : binary
Returns the SHA-1 fingerprint of the certificate presented by the client when
the incoming connection was made over an SSL/TLS transport layer. This can be
@@ -10367,9 +10349,6 @@
the client when the incoming connection was made over an SSL/TLS transport
layer.
- ACL derivatives :
- ssl_c_sig_alg : exact string match
-
ssl_c_used : boolean
Returns true if current SSL session uses a client certificate even if current
connection uses SSL session resumption. See also "ssl_fc_has_crt".
@@ -10394,33 +10373,21 @@
For instance, "ssl_f_i_dn(OU,2)" the second organization unit, and
"ssl_f_i_dn(CN)" retrieves the common name.
- ACL derivatives :
- ssl_f_i_dn([<entry>[,<occ>]]) : exact string match
-
ssl_f_key_alg : string
Returns the name of the algorithm used to generate the key of the certificate
presented by the frontend when the incoming connection was made over an
SSL/TLS transport layer.
- ACL derivatives :
- ssl_f_key_alg : exact string match
-
ssl_f_notafter : string
Returns the end date presented by the frontend as a formatted string
YYMMDDhhmmss[Z] when the incoming connection was made over an SSL/TLS
transport layer.
- ACL derivatives :
- ssl_f_notafter : exact string match
-
ssl_f_notbefore : string
Returns the start date presented by the frontend as a formatted string
YYMMDDhhmmss[Z] when the incoming connection was made over an SSL/TLS
transport layer.
- ACL derivatives :
- ssl_f_notbefore : exact string match
-
ssl_f_s_dn([<entry>[,<occ>]]) : string
When the incoming connection was made over an SSL/TLS transport layer,
returns the full distinguished name of the subject of the certificate
@@ -10431,25 +10398,16 @@
For instance, "ssl_f_s_dn(OU,2)" the second organization unit, and
"ssl_f_s_dn(CN)" retrieves the common name.
- ACL derivatives :
- ssl_f_s_dn([<entry>[,<occ>]]) : exact string match
-
ssl_f_serial : binary
Returns the serial of the certificate presented by the frontend when the
incoming connection was made over an SSL/TLS transport layer. When used for
an ACL, the value(s) to match against can be passed in hexadecimal form.
- ACL derivatives :
- ssl_f_serial : hex block match
-
ssl_f_sig_alg : string
Returns the name of the algorithm used to sign the certificate presented by
the frontend when the incoming connection was made over an SSL/TLS transport
layer.
- ACL derivatives :
- ssl_f_sig_alg : exact string match
-
ssl_f_version : integer
Returns the version of the certificate presented by the frontend when the
incoming connection was made over an SSL/TLS transport layer.
@@ -10481,16 +10439,10 @@
list, any other one may be requested. The TLS ALPN extension is meant to
replace the TLS NPN extension. See also "ssl_fc_npn".
- ACL derivatives :
- ssl_fc_alpn : exact string match
-
ssl_fc_cipher : string
Returns the name of the used cipher when the incoming connection was made
over an SSL/TLS transport layer.
- ACL derivatives :
- ssl_fc_cipher : exact string match
-
ssl_fc_has_crt : boolean
Returns true if a client certificate is present in an incoming connection over
SSL/TLS transport layer. Useful if 'verify' statement is set to 'optional'.
@@ -10516,16 +10468,10 @@
forces the client to pick a protocol from this list, any other one may be
requested. Please note that the TLS NPN extension was replaced with ALPN.
- ACL derivatives :
- ssl_fc_npn : exact string match
-
ssl_fc_protocol : string
Returns the name of the used protocol when the incoming connection was made
over an SSL/TLS transport layer.
- ACL derivatives :
- ssl_fc_protocol : exact string match
-
ssl_fc_unique_id : string
When the incoming connection was made over an SSL/TLS transport layer,
returns a base64 encoded string containing the TLS unique ID as defined
@@ -10551,7 +10497,6 @@
enabled (check haproxy -vv).
ACL derivatives :
- ssl_fc_sni : exact string match
ssl_fc_sni_end : suffix match
ssl_fc_sni_reg : regex match
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 473c3c9..6acc934 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3674,29 +3674,6 @@
* Please take care of keeping this list alphabetically sorted.
*/
static struct acl_kw_list acl_kws = {ILH, {
- { "ssl_c_i_dn", NULL, PAT_MATCH_STR },
- { "ssl_c_key_alg", NULL, PAT_MATCH_STR },
- { "ssl_c_notafter", NULL, PAT_MATCH_STR },
- { "ssl_c_notbefore", NULL, PAT_MATCH_STR },
- { "ssl_c_sig_alg", NULL, PAT_MATCH_STR },
- { "ssl_c_s_dn", NULL, PAT_MATCH_STR },
- { "ssl_c_serial", NULL, PAT_MATCH_BIN },
- { "ssl_f_i_dn", NULL, PAT_MATCH_STR },
- { "ssl_f_key_alg", NULL, PAT_MATCH_STR },
- { "ssl_f_notafter", NULL, PAT_MATCH_STR },
- { "ssl_f_notbefore", NULL, PAT_MATCH_STR },
- { "ssl_f_sig_alg", NULL, PAT_MATCH_STR },
- { "ssl_f_s_dn", NULL, PAT_MATCH_STR },
- { "ssl_f_serial", NULL, PAT_MATCH_BIN },
- { "ssl_fc_cipher", NULL, PAT_MATCH_STR },
-#ifdef OPENSSL_NPN_NEGOTIATED
- { "ssl_fc_npn", NULL, PAT_MATCH_STR },
-#endif
-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
- { "ssl_fc_alpn", NULL, PAT_MATCH_STR },
-#endif
- { "ssl_fc_protocol", NULL, PAT_MATCH_STR },
- { "ssl_fc_sni", "ssl_fc_sni", PAT_MATCH_STR },
{ "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
{ "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
{ /* END */ },