CLEANUP: ssl: remove test on "multi" variable in ckch functions
Since the removal of the multi-certificates bundle support, this
variable is no longer useful. We can remove all tests on this
variable and assume that every ckch contains a single certificate.
diff --git a/include/haproxy/ssl_ckch.h b/include/haproxy/ssl_ckch.h
index 46b9167..b41ce8a 100644
--- a/include/haproxy/ssl_ckch.h
+++ b/include/haproxy/ssl_ckch.h
@@ -45,10 +45,10 @@
#endif
/* ckch_store functions */
-struct ckch_store *ckchs_load_cert_file(char *path, int multi, char **err);
+struct ckch_store *ckchs_load_cert_file(char *path, char **err);
struct ckch_store *ckchs_lookup(char *path);
struct ckch_store *ckchs_dup(const struct ckch_store *src);
-struct ckch_store *ckch_store_new(const char *filename, int nmemb);
+struct ckch_store *ckch_store_new(const char *filename);
void ckch_store_free(struct ckch_store *store);
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 6309b65..2ba7830 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -721,17 +721,7 @@
if (!store)
return;
-#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200L
- if (store->multi) {
- int n;
-
- for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
- ssl_sock_free_cert_key_and_chain_contents(&store->ckch[n]);
- } else
-#endif
- {
- ssl_sock_free_cert_key_and_chain_contents(store->ckch);
- }
+ ssl_sock_free_cert_key_and_chain_contents(store->ckch);
free(store->ckch);
store->ckch = NULL;
@@ -750,7 +740,7 @@
*
* Return a ckch_store or NULL upon failure.
*/
-struct ckch_store *ckch_store_new(const char *filename, int nmemb)
+struct ckch_store *ckch_store_new(const char *filename)
{
struct ckch_store *store;
int pathlen;
@@ -760,17 +750,12 @@
if (!store)
return NULL;
- if (nmemb > 1)
- store->multi = 1;
- else
- store->multi = 0;
-
memcpy(store->path, filename, pathlen + 1);
LIST_INIT(&store->ckch_inst);
LIST_INIT(&store->crtlist_entry);
- store->ckch = calloc(nmemb, sizeof(*store->ckch));
+ store->ckch = calloc(1, sizeof(*store->ckch));
if (!store->ckch)
goto error;
@@ -786,24 +771,10 @@
{
struct ckch_store *dst;
- dst = ckch_store_new(src->path, src->multi ? SSL_SOCK_NUM_KEYTYPES : 1);
-
-#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
- if (src->multi) {
- int n;
+ dst = ckch_store_new(src->path);
- for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
- if (&src->ckch[n]) {
- if (!ssl_sock_copy_cert_key_and_chain(&src->ckch[n], &dst->ckch[n]))
- goto error;
- }
- }
- } else
-#endif
- {
- if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch))
- goto error;
- }
+ if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch))
+ goto error;
return dst;
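Review bot: `dst` is dereferenced in `ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch)` without checking the result of `ckch_store_new(src->path)`, which its own comment documents as returning NULL upon failure, so an allocation failure here becomes a NULL pointer dereference. Adding `if (!dst) return NULL;` right after the call closes that gap. The removed lines had the same problem, but this cleanup leaves a single call site and is a natural place to fix it. If ckchs_dup is reachable while the process is serving traffic rather than only at startup, this is a crash under memory pressure. The `error:` label and the rest of ckchs_dup are outside the hunk.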
@@ -830,50 +801,22 @@
/*
* This function allocate a ckch_store and populate it with certificates from files.
*/
-struct ckch_store *ckchs_load_cert_file(char *path, int multi, char **err)
+struct ckch_store *ckchs_load_cert_file(char *path, char **err)
{
struct ckch_store *ckchs;
- ckchs = ckch_store_new(path, multi ? SSL_SOCK_NUM_KEYTYPES : 1);
+ ckchs = ckch_store_new(path);
if (!ckchs) {
memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
goto end;
}
- if (!multi) {
-
- if (ssl_sock_load_files_into_ckch(path, ckchs->ckch, err) == 1)
- goto end;
-
- /* insert into the ckchs tree */
- memcpy(ckchs->path, path, strlen(path) + 1);
- ebst_insert(&ckchs_tree, &ckchs->node);
- } else {
- int found = 0;
-#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
- char fp[MAXPATHLEN+1] = {0};
- int n = 0;
- /* Load all possible certs and keys */
- for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
- struct stat buf;
- snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
- if (stat(fp, &buf) == 0) {
- if (ssl_sock_load_files_into_ckch(fp, &ckchs->ckch[n], err) == 1)
- goto end;
- found = 1;
- ckchs->multi = 1;
- }
- }
-#endif
+ if (ssl_sock_load_files_into_ckch(path, ckchs->ckch, err) == 1)
+ goto end;
- if (!found) {
- memprintf(err, "%sDidn't find any certificate for bundle '%s'.\n", err && *err ? *err : "", path);
- goto end;
- }
- /* insert into the ckchs tree */
- memcpy(ckchs->path, path, strlen(path) + 1);
- ebst_insert(&ckchs_tree, &ckchs->node);
- }
+ /* insert into the ckchs tree */
+ memcpy(ckchs->path, path, strlen(path) + 1);
+ ebst_insert(&ckchs_tree, &ckchs->node);
return ckchs;
end:
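Review bot: The `memcpy(ckchs->path, path, strlen(path) + 1);` kept before `ebst_insert()` is now redundant, because `ckch_store_new(path)` already copies the filename into `store->path` (the `memcpy(store->path, filename, pathlen + 1)` visible in the ckch_store_new hunk). Dropping it leaves a single place where the path buffer is both sized and written, so the two cannot drift apart later. The header comment could also state what the body shows, e.g. `/* Allocate a ckch_store, load the certificate files at <path> into it and insert it into the ckchs tree. */`. What is returned after the `end:` label is outside the hunk and should be documented from there.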
@@ -1757,7 +1700,7 @@
goto error;
}
/* we won't support multi-certificate bundle here */
- store = ckch_store_new(path, 1);
+ store = ckch_store_new(path);
if (!store) {
memprintf(&err, "unable to allocate memory.\n");
goto error;
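Review bot: The context comment `/* we won't support multi-certificate bundle here */` above the changed call is stale after this commit, since `ckch_store_new()` no longer takes a member count and the bundle code paths are removed in the other hunks. It should be dropped or reworded, for example `/* allocate a store holding a single certificate */`, so a reader does not go looking for bundle handling that no longer exists. The enclosing function starts and ends outside the hunk.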
diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index 1ab9468..f7007ef 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -521,7 +521,7 @@
if (ckchs == NULL) {
if (stat(crt_path, &buf) == 0) {
- ckchs = ckchs_load_cert_file(crt_path, 0, err);
+ ckchs = ckchs_load_cert_file(crt_path, err);
if (ckchs == NULL) {
cfgerr |= ERR_ALERT | ERR_FATAL;
goto error;
@@ -554,7 +554,7 @@
ckchs = ckchs_lookup(fp);
if (!ckchs && stat(fp, &buf) == 0) {
- ckchs = ckchs_load_cert_file(fp, 0, err);
+ ckchs = ckchs_load_cert_file(fp, err);
if (ckchs == NULL) {
cfgerr |= ERR_ALERT | ERR_FATAL;
goto error;
@@ -660,7 +660,7 @@
ckchs = ckchs_lookup(fp);
if (ckchs == NULL)
- ckchs = ckchs_load_cert_file(fp, 0, err);
+ ckchs = ckchs_load_cert_file(fp, err);
if (ckchs == NULL) {
free(de);
free(entry);
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 97f7802..f3b1b0e 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3773,7 +3773,7 @@
}
if (stat(path, &buf) == 0) {
if (S_ISDIR(buf.st_mode) == 0) {
- ckchs = ckchs_load_cert_file(path, 0, err);
+ ckchs = ckchs_load_cert_file(path, err);
if (!ckchs)
return ERR_ALERT | ERR_FATAL;
@@ -3800,7 +3800,7 @@
cfgerr |= ssl_sock_load_ckchs(fp, ckchs, bind_conf, NULL, NULL, 0, &ckch_inst, err);
} else {
if (stat(fp, &buf) == 0) {
- ckchs = ckchs_load_cert_file(fp, 0, err);
+ ckchs = ckchs_load_cert_file(fp, err);
if (!ckchs)
return ERR_ALERT | ERR_FATAL;
cfgerr |= ssl_sock_load_ckchs(fp, ckchs, bind_conf, NULL, NULL, 0, &ckch_inst, err);