MINOR: cfgparse: move parsing of ssl-default-{bind,server}-ciphers to ssl_sock
These two are pretty similar, just a strdup. Contrary to ca-base
and crt-base they support being changed.
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 0ece4fd..24bccd2 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1105,40 +1105,6 @@
}
#endif /* SYSTEM_MAXCONN */
}
- else if (!strcmp(args[0], "ssl-default-bind-ciphers")) {
-#ifdef USE_OPENSSL
- if (alertif_too_many_args(1, file, linenum, args, &err_code))
- goto out;
- if (*(args[1]) == 0) {
- Alert("parsing [%s:%d] : '%s' expects a cipher suite as an argument.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
- }
- free(global.listen_default_ciphers);
- global.listen_default_ciphers = strdup(args[1]);
-#else
- Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
-#endif
- }
- else if (!strcmp(args[0], "ssl-default-server-ciphers")) {
-#ifdef USE_OPENSSL
- if (alertif_too_many_args(1, file, linenum, args, &err_code))
- goto out;
- if (*(args[1]) == 0) {
- Alert("parsing [%s:%d] : '%s' expects a cipher suite as an argument.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
- }
- free(global.connect_default_ciphers);
- global.connect_default_ciphers = strdup(args[1]);
-#else
- Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
- err_code |= ERR_ALERT | ERR_FATAL;
- goto out;
-#endif
- }
#ifdef USE_OPENSSL
#ifndef OPENSSL_NO_DH
else if (!strcmp(args[0], "ssl-dh-param-file")) {
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 66280be..0ac7315 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6010,6 +6010,30 @@
return 0;
}
+/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
+ * in global section. Returns <0 on alert, >0 on warning, 0 on success.
+ */
+static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
+ struct proxy *defpx, const char *file, int line,
+ char **err)
+{
+ char **target;
+
+ target = (args[0][12] == 'b') ? &global.listen_default_ciphers : &global.connect_default_ciphers;
+
+ if (too_many_args(1, args, err, NULL))
+ return -1;
+
+ if (*(args[1]) == 0) {
+ memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
+ return -1;
+ }
+
+ free(*target);
+ *target = strdup(args[1]);
+ return 0;
+}
+
/* parse various global tune.ssl settings consisting in positive integers.
* Returns <0 on alert, >0 on warning, 0 on success.
*/
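Review bot: The result of `strdup(args[1])` is stored in `*target` without a NULL check, so an allocation failure returns 0 (success) after the previous value has already been freed, leaving the default cipher list unset. How a NULL default is consumed later is not visible in this hunk, but it presumably means the operator's cipher restriction is silently dropped in favour of the library default, so the failure should be reported: `if (!*target) { memprintf(err, "global statement '%s' : out of memory.", args[0]); return -1; }`. Separately, `args[0][12] == 'b'` only works because both registered keywords share the same 12-byte prefix. A short comment such as `/* args[0][12] is 'b' for ssl-default-bind-ciphers, 's' for ssl-default-server-ciphers */` would keep a keyword later routed to this handler from silently selecting the wrong target.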
@@ -6523,6 +6547,8 @@
{ CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
{ CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
{ CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
+ { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
+ { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
{ 0, NULL, NULL },
}};