Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 96c9a6c752d9e521876471402650da13c765eba4^! / .
commit96c9a6c752d9e521876471402650da13c765eba4[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Wed May 04 19:51:37 2022 +0200
committerWilly Tarreau <w@1wt.eu>Fri May 06 18:13:36 2022 +0200
treefa394e5c0975335a910b2f0fd123178dabeb338e
parentf3e8b3e877d91bdc1d8436837bfe409908bfb656 [diff]
CLEANUP: ssl/cli: use a local context for "show ssl cert"

This command only really uses old_ckchs, cur_ckchs and the index
in which the transaction was stored. The new structure "show_cert_ctx"
only has these 3 fields, and the now unused "cur_ckchs" and "index"
could be removed from the shared ssl context.

diff --git a/include/haproxy/applet-t.h b/include/haproxy/applet-t.h
index e3a594a..a0b4e9e 100644
--- a/include/haproxy/applet-t.h
+++ b/include/haproxy/applet-t.h

@@ -143,7 +143,6 @@
 				struct ckch_store *old_ckchs;
 				struct ckch_store *new_ckchs;
 				struct ckch_inst *next_ckchi;
-				struct ckch_store *cur_ckchs;
 
 				struct ckch_inst_link *next_ckchi_link;
 				struct cafile_entry *old_cafile_entry;
@@ -152,7 +151,6 @@
 				struct cafile_entry *old_crlfile_entry;
 				struct cafile_entry *new_crlfile_entry;
 				int cafile_type; /* either CA or CRL, depending on the current command */
-				int index;
 			} ssl;
 			struct {
 				void *ptr;

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 47a1779..48127de 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c

@@ -77,6 +77,14 @@
 	int index;
 };
 
+/* CLI context used by "show cert" */
+struct show_cert_ctx {
+	struct ckch_store *old_ckchs;
+	struct ckch_store *cur_ckchs;
+	int transaction;
+};
+
+
 
 /********************  cert_key_and_chain functions *************************
  * These are the functions that fills a cert_key_and_chain structure. For the
@@ -1247,10 +1255,11 @@
 }
 
 /* IO handler of "show ssl cert <filename>".
- * It makes use of ctx.ssl.cur_ckchs, ctx.ssl.old_ckchs.
+ * It makes use of a show_cert_ctx context, and ckchs_transaction in read-only.
  */
 static int cli_io_handler_show_cert(struct appctx *appctx)
 {
+	struct show_cert_ctx *ctx = appctx->svcctx;
 	struct buffer *trash = alloc_trash_chunk();
 	struct ebmb_node *node;
 	struct conn_stream *cs = appctx->owner;
@@ -1259,7 +1268,7 @@
 	if (trash == NULL)
 		return 1;
 
-	if (!appctx->ctx.ssl.old_ckchs) {
+	if (!ctx->old_ckchs) {
 		if (ckchs_transaction.old_ckchs) {
 			ckchs = ckchs_transaction.old_ckchs;
 			chunk_appendf(trash, "# transaction\n");
@@ -1267,11 +1276,11 @@
 		}
 	}
 
-	if (!appctx->ctx.ssl.cur_ckchs) {
+	if (!ctx->cur_ckchs) {
 		chunk_appendf(trash, "# filename\n");
 		node = ebmb_first(&ckchs_tree);
 	} else {
-		node = &((struct ckch_store *)appctx->ctx.ssl.cur_ckchs)->node;
+		node = &ctx->cur_ckchs->node;
 	}
 	while (node) {
 		ckchs = ebmb_entry(node, struct ckch_store, node);
@@ -1284,13 +1293,13 @@
 		}
 	}
 
-	appctx->ctx.ssl.cur_ckchs = NULL;
+	ctx->cur_ckchs = NULL;
 	free_trash_chunk(trash);
 	return 1;
 yield:
 
 	free_trash_chunk(trash);
-	appctx->ctx.ssl.cur_ckchs = ckchs;
+	ctx->cur_ckchs = ckchs;
 	return 0; /* should come back */
 }
 
@@ -1650,12 +1659,13 @@
 
 
 /* IO handler of the details "show ssl cert <filename>".
- * It uses ctx.ssl.cur_ckchs.
+ * It uses a struct show_cert_ctx and ckchs_transaction in read-only.
  */
 static int cli_io_handler_show_cert_detail(struct appctx *appctx)
 {
+	struct show_cert_ctx *ctx = appctx->svcctx;
 	struct conn_stream *cs = appctx->owner;
-	struct ckch_store *ckchs = appctx->ctx.ssl.cur_ckchs;
+	struct ckch_store *ckchs = ctx->cur_ckchs;
 	struct buffer *out = alloc_trash_chunk();
 	int retval = 0;
 
@@ -1699,15 +1709,16 @@
 
 
 /* IO handler of the details "show ssl cert <filename.ocsp>".
- * It uses ctx.ssl.cur_ckchs and ctx.ssl.index.
+ * It uses a show_cert_ctx.
  */
 static int cli_io_handler_show_cert_ocsp_detail(struct appctx *appctx)
 {
 #if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
+	struct show_cert_ctx *ctx = appctx->svcctx;
 	struct conn_stream *cs = appctx->owner;
-	struct ckch_store *ckchs = appctx->ctx.ssl.cur_ckchs;
+	struct ckch_store *ckchs = ctx->cur_ckchs;
 	struct buffer *out = alloc_trash_chunk();
-	int from_transaction = appctx->ctx.ssl.index;
+	int from_transaction = ctx->transaction;
 
 	if (!out)
 		goto end_no_putchk;
@@ -1750,6 +1761,7 @@
 /* parsing function for 'show ssl cert [certfile]' */
 static int cli_parse_show_cert(char **args, char *payload, struct appctx *appctx, void *private)
 {
+	struct show_cert_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx));
 	struct ckch_store *ckchs;
 
 	if (!cli_has_level(appctx, ACCESS_LVL_OPER))
@@ -1790,10 +1802,10 @@
 
 		}
 
-		appctx->ctx.ssl.cur_ckchs = ckchs;
+		ctx->cur_ckchs = ckchs;
 		/* use the IO handler that shows details */
 		if (show_ocsp_detail) {
-			appctx->ctx.ssl.index = from_transaction;
+			ctx->transaction = from_transaction;
 			appctx->io_handler = cli_io_handler_show_cert_ocsp_detail;
 		}
 		else