MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf()
Instead of hard-coding all SSL destruction in cfgparse.c and haproxy.c,
we now register this new function as the transport layer's destroy_bind_conf()
and call it only when defined. This removes some non-obvious SSL-specific
code and #ifdefs from cfgparse.c and haproxy.c
diff --git a/src/cfgparse.c b/src/cfgparse.c
index f1f0f9b..6d446ad 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -8801,31 +8801,8 @@
/* Release unused SSL configs */
list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
- if (bind_conf->is_ssl)
- continue;
-#ifdef USE_OPENSSL
- ssl_sock_free_ca(bind_conf);
- ssl_sock_free_all_ctx(bind_conf);
- free(bind_conf->ca_file);
- free(bind_conf->ca_sign_file);
- free(bind_conf->ca_sign_pass);
- free(bind_conf->ciphers);
- free(bind_conf->ecdhe);
- free(bind_conf->crl_file);
- if(bind_conf->keys_ref) {
- free(bind_conf->keys_ref->filename);
- free(bind_conf->keys_ref->tlskeys);
- LIST_DEL(&bind_conf->keys_ref->list);
- free(bind_conf->keys_ref);
- }
- bind_conf->keys_ref = NULL;
- bind_conf->crl_file = NULL;
- bind_conf->ecdhe = NULL;
- bind_conf->ciphers = NULL;
- bind_conf->ca_sign_pass = NULL;
- bind_conf->ca_sign_file = NULL;
- bind_conf->ca_file = NULL;
-#endif /* USE_OPENSSL */
+ if (!bind_conf->is_ssl && bind_conf->xprt->destroy_bind_conf)
+ bind_conf->xprt->destroy_bind_conf(bind_conf);
}
if (my_popcountl(curproxy->bind_proc & nbits(global.nbproc)) > 1) {
diff --git a/src/haproxy.c b/src/haproxy.c
index ef846fe..adffda9 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1466,16 +1466,8 @@
/* Release unused SSL configs. */
list_for_each_entry_safe(bind_conf, bind_back, &p->conf.bind, by_fe) {
-#ifdef USE_OPENSSL
- ssl_sock_free_ca(bind_conf);
- ssl_sock_free_all_ctx(bind_conf);
- free(bind_conf->ca_file);
- free(bind_conf->ca_sign_file);
- free(bind_conf->ca_sign_pass);
- free(bind_conf->ciphers);
- free(bind_conf->ecdhe);
- free(bind_conf->crl_file);
-#endif /* USE_OPENSSL */
+ if (bind_conf->xprt->destroy_bind_conf)
+ bind_conf->xprt->destroy_bind_conf(bind_conf);
free(bind_conf->file);
free(bind_conf->arg);
LIST_DEL(&bind_conf->by_fe);
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 490003f..ae821e0 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3308,6 +3308,32 @@
bind_conf->default_ctx = NULL;
}
+/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
+void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
+{
+ ssl_sock_free_ca(bind_conf);
+ ssl_sock_free_all_ctx(bind_conf);
+ free(bind_conf->ca_file);
+ free(bind_conf->ca_sign_file);
+ free(bind_conf->ca_sign_pass);
+ free(bind_conf->ciphers);
+ free(bind_conf->ecdhe);
+ free(bind_conf->crl_file);
+ if (bind_conf->keys_ref) {
+ free(bind_conf->keys_ref->filename);
+ free(bind_conf->keys_ref->tlskeys);
+ LIST_DEL(&bind_conf->keys_ref->list);
+ free(bind_conf->keys_ref);
+ }
+ bind_conf->keys_ref = NULL;
+ bind_conf->crl_file = NULL;
+ bind_conf->ecdhe = NULL;
+ bind_conf->ciphers = NULL;
+ bind_conf->ca_sign_pass = NULL;
+ bind_conf->ca_sign_file = NULL;
+ bind_conf->ca_file = NULL;
+}
+
/* Load CA cert file and private key used to generate certificates */
int
ssl_sock_load_ca(struct bind_conf *bind_conf)
@@ -6632,6 +6658,7 @@
.close = ssl_sock_close,
.init = ssl_sock_init,
.prepare_bind_conf = ssl_sock_prepare_bind_conf,
+ .destroy_bind_conf = ssl_sock_destroy_bind_conf,
.name = "SSL",
};