Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / d1c5750370255e25774cbd672f00b50c4652156e^! / .
commitd1c5750370255e25774cbd672f00b50c4652156e[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Thu Dec 22 22:46:15 2016 +0100
committerWilly Tarreau <w@1wt.eu>Thu Dec 22 23:26:38 2016 +0100
treecd3c811458a63022122caa53a7576007b8397190
parent17d4538044fc37b9b4cccdc21543b183d5b69a0b [diff]
CLEANUP: ssl: move tlskeys_finalize_config() to a post_check callback

tlskeys_finalize_config() was the only reason for haproxy.c to still
require ifdef and includes for ssl_sock. This one fits perfectly well
in the late initializers so it was changed to be registered with
hap_register_post_check().

diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
index d3756a1..9f43adc 100644
--- a/include/proto/ssl_sock.h
+++ b/include/proto/ssl_sock.h

@@ -65,7 +65,6 @@
 int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err);
 struct tls_keys_ref *tlskeys_ref_lookup(const char *filename);
 struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id);
-void tlskeys_finalize_config(void);
 #endif
 #ifndef OPENSSL_NO_DH
 int ssl_sock_load_global_dh_param_from_file(const char *filename);

diff --git a/src/haproxy.c b/src/haproxy.c
index 611371c..30991a9 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c

@@ -109,9 +109,6 @@
 #include <proto/dns.h>
 #include <proto/vars.h>
 
-#ifdef USE_OPENSSL
-#include <proto/ssl_sock.h>
-#endif
 
 /* list of config files */
 static struct list cfg_cfgfiles = LIST_HEAD_INIT(cfg_cfgfiles);
@@ -818,9 +815,6 @@
 	}
 
 	pattern_finalize_config();
-#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
-	tlskeys_finalize_config();
-#endif
 
 	err_code |= check_config_validity();
 	if (err_code & (ERR_ABORT|ERR_FATAL)) {

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index b39f326..0228dd5 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -574,9 +574,10 @@
 }
 
 /* This function finalize the configuration parsing. Its set all the
- * automatic ids
+ * automatic ids. It's called just after the basic checks. It returns
+ * 0 on success otherwise ERR_*.
  */
-void tlskeys_finalize_config(void)
+static int tlskeys_finalize_config(void)
 {
 	int i = 0;
 	struct tls_keys_ref *ref, *ref2, *ref3;
@@ -618,6 +619,7 @@
 	/* swap root */
 	LIST_ADD(&tkr, &tlskeys_reference);
 	LIST_DEL(&tkr);
+	return 0;
 }
 
 #endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
@@ -6710,6 +6712,9 @@
 	srv_register_keywords(&srv_kws);
 	cfg_register_keywords(&cfg_kws);
 	cli_register_kw(&cli_kws);
+#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
+	hap_register_post_check(tlskeys_finalize_config);
+#endif
 
 	ptr = NULL;
 	memprintf(&ptr, "Built with OpenSSL version : "