REORG: config: use parsing ctx for server config check
Initialize the parsing context when checking server config validity.
Adjust the log messages to remove redundant config file/line and server
name. Do a similar cleaning in prepare_srv from ssl_sock as this
function is called at the same stage.
This will standardize the stderr output on startup with the parse_server
function.
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 4b03b63..b1274cd 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -3523,6 +3523,8 @@
*/
newsrv = curproxy->srv;
while (newsrv != NULL) {
+ set_usermsgs_ctx(newsrv->conf.file, newsrv->conf.line, &newsrv->obj_type);
+
if (newsrv->minconn > newsrv->maxconn) {
/* Only 'minconn' was specified, or it was higher than or equal
* to 'maxconn'. Let's turn this into maxconn and clean it, as
@@ -3548,10 +3550,7 @@
if ((newsrv->flags & SRV_F_FASTOPEN) &&
((curproxy->retry_type & (PR_RE_DISCONNECTED | PR_RE_TIMEOUT)) !=
(PR_RE_DISCONNECTED | PR_RE_TIMEOUT)))
- ha_warning("parsing [%s:%d] : %s '%s': server '%s' has tfo activated, the backend should be configured with at least 'conn-failure', 'empty-response' and 'response-timeout' or we wouldn't be able to retry the connection on failure.\n",
- newsrv->conf.file, newsrv->conf.line,
- proxy_type_str(curproxy), curproxy->id,
- newsrv->id);
+ ha_warning("server has tfo activated, the backend should be configured with at least 'conn-failure', 'empty-response' and 'response-timeout' or we wouldn't be able to retry the connection on failure.\n");
if (newsrv->trackit) {
struct proxy *px;
@@ -3571,9 +3570,8 @@
if (pname) {
px = proxy_be_by_name(pname);
if (!px) {
- ha_alert("config : %s '%s', server '%s': unable to find required proxy '%s' for tracking.\n",
- proxy_type_str(curproxy), curproxy->id,
- newsrv->id, pname);
+ ha_alert("unable to find required proxy '%s' for tracking.\n",
+ pname);
cfgerr++;
goto next_srv;
}
@@ -3582,18 +3580,16 @@
srv = findserver(px, sname);
if (!srv) {
- ha_alert("config : %s '%s', server '%s': unable to find required server '%s' for tracking.\n",
- proxy_type_str(curproxy), curproxy->id,
- newsrv->id, sname);
+ ha_alert("unable to find required server '%s' for tracking.\n",
+ sname);
cfgerr++;
goto next_srv;
}
if (!srv->do_check && !srv->do_agent && !srv->track && !srv->trackit) {
- ha_alert("config : %s '%s', server '%s': unable to use %s/%s for "
+ ha_alert("unable to use %s/%s for "
"tracking as it does not have any check nor agent enabled.\n",
- proxy_type_str(curproxy), curproxy->id,
- newsrv->id, px->id, srv->id);
+ px->id, srv->id);
cfgerr++;
goto next_srv;
}
@@ -3601,10 +3597,9 @@
for (loop = srv->track; loop && loop != newsrv; loop = loop->track);
if (newsrv == srv || loop) {
- ha_alert("config : %s '%s', server '%s': unable to track %s/%s as it "
+ ha_alert("unable to track %s/%s as it "
"belongs to a tracking chain looping back to %s/%s.\n",
- proxy_type_str(curproxy), curproxy->id,
- newsrv->id, px->id, srv->id, px->id,
+ px->id, srv->id, px->id,
newsrv == srv ? srv->id : loop->id);
cfgerr++;
goto next_srv;
@@ -3612,10 +3607,9 @@
if (curproxy != px &&
(curproxy->options & PR_O_DISABLE404) != (px->options & PR_O_DISABLE404)) {
- ha_alert("config : %s '%s', server '%s': unable to use %s/%s for"
+ ha_alert("unable to use %s/%s for"
"tracking: disable-on-404 option inconsistency.\n",
- proxy_type_str(curproxy), curproxy->id,
- newsrv->id, px->id, srv->id);
+ px->id, srv->id);
cfgerr++;
goto next_srv;
}
@@ -3628,6 +3622,7 @@
}
next_srv:
+ reset_usermsgs_ctx();
newsrv = newsrv->next;
}
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 993772f..6553584 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4619,7 +4619,6 @@
/* prepare ssl context from servers options. Returns an error count */
int ssl_sock_prepare_srv_ctx(struct server *srv)
{
- struct proxy *curproxy = srv->proxy;
int cfgerr = 0;
SSL_CTX *ctx = srv->ssl_ctx.ctx;
@@ -4635,9 +4634,7 @@
/* Initiate SSL context for current server */
if (!srv->ssl_ctx.reused_sess) {
if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
- ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
- curproxy->id, srv->id,
- srv->conf.file, srv->conf.line);
+ ha_alert("out of memory.\n");
cfgerr++;
return cfgerr;
}
@@ -4650,9 +4647,7 @@
if (!ctx) {
ctx = SSL_CTX_new(SSLv23_client_method());
if (!ctx) {
- ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
- proxy_type_str(curproxy), curproxy->id,
- srv->id);
+ ha_alert("unable to allocate ssl context.\n");
cfgerr++;
return cfgerr;
}
@@ -4687,9 +4682,8 @@
int flags = MC_SSL_O_ALL;
if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
- ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
- "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
- proxy_type_str(curproxy), curproxy->id, srv->id);
+ ha_warning("no-sslv3/no-tlsv1x are ignored for this server. "
+ "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n");
else
flags = conf_ssl_methods->flags;
@@ -4770,21 +4764,16 @@
if (srv->ssl_ctx.ca_file) {
/* set CAfile to verify */
if (!ssl_set_verify_locations_file(ctx, srv->ssl_ctx.ca_file)) {
- ha_alert("Proxy '%s', server '%s' [%s:%d] unable to set CA file '%s'.\n",
- curproxy->id, srv->id,
- srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
+ ha_alert("unable to set CA file '%s'.\n",
+ srv->ssl_ctx.ca_file);
cfgerr++;
}
}
else {
if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
- ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
- curproxy->id, srv->id,
- srv->conf.file, srv->conf.line);
+ ha_alert("verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n");
else
- ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
- curproxy->id, srv->id,
- srv->conf.file, srv->conf.line);
+ ha_alert("verify is enabled but no CA file specified.\n");
cfgerr++;
}
#ifdef X509_V_FLAG_CRL_CHECK
@@ -4792,9 +4781,8 @@
X509_STORE *store = SSL_CTX_get_cert_store(ctx);
if (!ssl_set_cert_crl_file(store, srv->ssl_ctx.crl_file)) {
- ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
- curproxy->id, srv->id,
- srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
+ ha_alert("unable to configure CRL file '%s'.\n",
+ srv->ssl_ctx.crl_file);
cfgerr++;
}
else {
@@ -4808,18 +4796,16 @@
SSL_CTX_sess_set_new_cb(ctx, ssl_sess_new_srv_cb);
if (srv->ssl_ctx.ciphers &&
!SSL_CTX_set_cipher_list(ctx, srv->ssl_ctx.ciphers)) {
- ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
- curproxy->id, srv->id,
- srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
+ ha_alert("unable to set SSL cipher list to '%s'.\n",
+ srv->ssl_ctx.ciphers);
cfgerr++;
}
#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
if (srv->ssl_ctx.ciphersuites &&
!SSL_CTX_set_ciphersuites(ctx, srv->ssl_ctx.ciphersuites)) {
- ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
- curproxy->id, srv->id,
- srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
+ ha_alert("unable to set TLS 1.3 cipher suites to '%s'.\n",
+ srv->ssl_ctx.ciphersuites);
cfgerr++;
}
#endif