MINOR: cfgparse: move parsing of "ca-base" and "crt-base" to ssl_sock
This removes 2 #ifdefs and makes the code much cleaner. The controls
are still there and the two parsers have been merged into a single
function ssl_parse_global_ca_crt_base().
It's worth noting that there's still a check to prevent a change when
the value was already specified. This test seems useless and possibly
counter-productive, it may have to be revisited later, but for now it
was implemented identically.
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 771dbe9..6b4c9c9 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -627,48 +627,6 @@
alertif_too_many_args(0, file, linenum, args, &err_code);
goto out;
}
- else if (!strcmp(args[0], "ca-base")) {
-#ifdef USE_OPENSSL
- if(alertif_too_many_args(1, file, linenum, args, &err_code))
- goto out;
- if (global.ca_base != NULL) {
- Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT;
- goto out;
- }
- if (*(args[1]) == 0) {
- Alert("parsing [%s:%d] : '%s' expects a directory path as an argument.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
- }
- global.ca_base = strdup(args[1]);
-#else
- Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
-#endif
- }
- else if (!strcmp(args[0], "crt-base")) {
-#ifdef USE_OPENSSL
- if (alertif_too_many_args(1, file, linenum, args, &err_code))
- goto out;
- if (global.crt_base != NULL) {
- Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT;
- goto out;
- }
- if (*(args[1]) == 0) {
- Alert("parsing [%s:%d] : '%s' expects a directory path as an argument.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
- }
- global.crt_base = strdup(args[1]);
-#else
- Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
-#endif
- }
else if (!strcmp(args[0], "daemon")) {
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 5f9c8f3..830b9e2 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5983,6 +5983,33 @@
return 0;
}
+/* parse the "ca-base" / "crt-base" keywords in global section.
+ * Returns <0 on alert, >0 on warning, 0 on success.
+ */
+static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
+ struct proxy *defpx, const char *file, int line,
+ char **err)
+{
+ char **target;
+
+ target = (args[0][1] == 'a') ? &global.ca_base : &global.crt_base;
+
+ if (too_many_args(1, args, err, NULL))
+ return -1;
+
+ if (*target) {
+ memprintf(err, "'%s' already specified.", args[0]);
+ return -1;
+ }
+
+ if (*(args[1]) == 0) {
+ memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
+ return -1;
+ }
+ *target = strdup(args[1]);
+ return 0;
+}
+
/* This function is used with TLS ticket keys management. It permits to browse
* each reference. The variable <getnext> must contain the current node,
* <end> point to the root node.
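Review bot: The result of `strdup(args[1])` in ssl_parse_global_ca_crt_base() is stored without a check, so an allocation failure leaves `*target` NULL while the parser still returns 0, and the configured CA/certificate base directory is silently dropped instead of being reported. Consider `if (!(*target = strdup(args[1]))) { memprintf(err, "out of memory while parsing '%s'.", args[0]); return -1; }`. Separately, the "already specified" branch now returns -1, the same code as the missing-argument branch, whereas the removed cfgparse.c code raised only `ERR_ALERT` there (no `ERR_FATAL`, message ending in "Continuing."). If the keyword dispatcher treats a negative return as fatal, which is not visible in this diff, a duplicated `ca-base` or `crt-base` line would now abort configuration loading, so this is not quite "implemented identically" and is worth confirming against the caller. A short comment on `args[0][1] == 'a'` stating that it relies on the function being registered only for "ca-base" and "crt-base" would also help the next reader.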
@@ -6380,6 +6407,8 @@
}};
static struct cfg_kw_list cfg_kws = {ILH, {
+ { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
+ { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
{ CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
{ CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
{ 0, NULL, NULL },