MEDIUM: conf: rename 'cafile' and 'crlfile' statements 'ca-file' and 'crl-file'
These names were not really handy.
diff --git a/include/types/listener.h b/include/types/listener.h
index 53f9016..eda7161 100644
--- a/include/types/listener.h
+++ b/include/types/listener.h
@@ -97,11 +97,11 @@
/* "bind" line settings */
struct bind_conf {
#ifdef USE_OPENSSL
- char *cafile; /* CAfile to use on verify */
+ char *ca_file; /* CAfile to use on verify */
unsigned long long ca_ignerr; /* ignored verify errors in handshake if depth > 0 */
unsigned long long crt_ignerr; /* ignored verify errors in handshake if depth == 0 */
char *ciphers; /* cipher suite to use if non-null */
- char *crlfile; /* CRLfile to use on verify */
+ char *crl_file; /* CRLfile to use on verify */
char *ecdhe; /* named curve to use for ECDHE */
int no_tls_tickets; /* disable session resumption tickets */
int no_sslv3; /* disable SSLv3 */
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 151bda4..1c84ee3 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -6701,10 +6701,10 @@
continue;
#ifdef USE_OPENSSL
ssl_sock_free_all_ctx(bind_conf);
- free(bind_conf->cafile);
+ free(bind_conf->ca_file);
free(bind_conf->ciphers);
free(bind_conf->ecdhe);
- free(bind_conf->crlfile);
+ free(bind_conf->crl_file);
#endif /* USE_OPENSSL */
}
diff --git a/src/haproxy.c b/src/haproxy.c
index 00bf126..d2f5d45 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1039,10 +1039,10 @@
list_for_each_entry_safe(bind_conf, bind_back, &p->conf.bind, by_fe) {
#ifdef USE_OPENSSL
ssl_sock_free_all_ctx(bind_conf);
- free(bind_conf->cafile);
+ free(bind_conf->ca_file);
free(bind_conf->ciphers);
free(bind_conf->ecdhe);
- free(bind_conf->crlfile);
+ free(bind_conf->crl_file);
#endif /* USE_OPENSSL */
free(bind_conf->file);
free(bind_conf->arg);
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 5fc5f16..f951be6 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -499,23 +499,23 @@
SSL_CTX_set_mode(ctx, sslmode);
SSL_CTX_set_verify(ctx, bind_conf->verify ? bind_conf->verify : SSL_VERIFY_NONE, ssl_sock_verifycbk);
if (bind_conf->verify & SSL_VERIFY_PEER) {
- if (bind_conf->cafile) {
+ if (bind_conf->ca_file) {
/* load CAfile to verify */
- if (!SSL_CTX_load_verify_locations(ctx, bind_conf->cafile, NULL)) {
+ if (!SSL_CTX_load_verify_locations(ctx, bind_conf->ca_file, NULL)) {
Alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
- curproxy->id, bind_conf->cafile, bind_conf->arg, bind_conf->file, bind_conf->line);
+ curproxy->id, bind_conf->ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
cfgerr++;
}
/* set CA names fo client cert request, function returns void */
- SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(bind_conf->cafile));
+ SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(bind_conf->ca_file));
}
#ifdef X509_V_FLAG_CRL_CHECK
- if (bind_conf->crlfile) {
+ if (bind_conf->crl_file) {
X509_STORE *store = SSL_CTX_get_cert_store(ctx);
- if (!store || !X509_STORE_load_locations(store, bind_conf->crlfile, NULL)) {
+ if (!store || !X509_STORE_load_locations(store, bind_conf->crl_file, NULL)) {
Alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
- curproxy->id, bind_conf->cafile, bind_conf->arg, bind_conf->file, bind_conf->line);
+ curproxy->id, bind_conf->ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
cfgerr++;
}
else {
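Review bot: The Alert under "unable to configure CRL file" still prints the CA path rather than the CRL path that failed to load; the rename carried the old mismatch over onto the new line. That argument line should read `curproxy->id, bind_conf->crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);`. The two `if` blocks are independent, so a bind with a CRL file but no CA file passes NULL for that `%s`, and in every case an operator debugging a revocation-list failure is pointed at the wrong file. The enclosing function starts and ends outside this hunk.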
@@ -1098,8 +1098,8 @@
return 1;
}
-/* parse the "cafile" bind keyword */
-static int bind_parse_cafile(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
+/* parse the "ca-file" bind keyword */
+static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
{
if (!*args[cur_arg + 1]) {
if (err)
@@ -1108,13 +1108,13 @@
}
if ((*args[cur_arg + 1] != '/') && global.ca_base) {
- conf->cafile = malloc(strlen(global.ca_base) + 1 + strlen(args[cur_arg + 1]) + 1);
- if (conf->cafile)
- sprintf(conf->cafile, "%s/%s", global.ca_base, args[cur_arg + 1]);
+ conf->ca_file = malloc(strlen(global.ca_base) + 1 + strlen(args[cur_arg + 1]) + 1);
+ if (conf->ca_file)
+ sprintf(conf->ca_file, "%s/%s", global.ca_base, args[cur_arg + 1]);
return 0;
}
- conf->cafile = strdup(args[cur_arg + 1]);
+ conf->ca_file = strdup(args[cur_arg + 1]);
return 0;
}
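Review bot: An allocation failure in this parser is reported as success: when `malloc` returns NULL the branch skips `sprintf` and still reaches `return 0`, and the `strdup` result on the last assignment is never checked. The same pattern is in the crl-file hunk (`@@ -1172`), where it matters more, because ssl_sock.c only loads the revocation list under `if (bind_conf->crl_file)`; a NULL there silently disables CRL checking on a bind that asked for it. I would check the pointer after both allocations, `if (!conf->ca_file) { /* set *err, return the parser's error status */ }`, and do likewise for `conf->crl_file`, using the same status the missing-argument branch returns (its return line is outside the visible hunks). The function body begins before this hunk.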
@@ -1157,8 +1157,8 @@
return 0;
}
-/* parse the "crlfile" bind keyword */
-static int bind_parse_crlfile(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
+/* parse the "crl-file" bind keyword */
+static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
{
#ifndef X509_V_FLAG_CRL_CHECK
if (err)
@@ -1172,13 +1172,13 @@
}
if ((*args[cur_arg + 1] != '/') && global.ca_base) {
- conf->crlfile = malloc(strlen(global.ca_base) + 1 + strlen(args[cur_arg + 1]) + 1);
- if (conf->crlfile)
- sprintf(conf->crlfile, "%s/%s", global.ca_base, args[cur_arg + 1]);
+ conf->crl_file = malloc(strlen(global.ca_base) + 1 + strlen(args[cur_arg + 1]) + 1);
+ if (conf->crl_file)
+ sprintf(conf->crl_file, "%s/%s", global.ca_base, args[cur_arg + 1]);
return 0;
}
- conf->crlfile = strdup(args[cur_arg + 1]);
+ conf->crl_file = strdup(args[cur_arg + 1]);
return 0;
#endif
}
@@ -1358,10 +1358,10 @@
* not enabled.
*/
static struct bind_kw_list bind_kws = { "SSL", { }, {
- { "cafile", bind_parse_cafile, 1 }, /* set CAfile to process verify on client cert */
+ { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
{ "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
{ "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
- { "crlfile", bind_parse_crlfile, 1 }, /* set certificat revocation list file use on client cert verify */
+ { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
{ "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
{ "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
{ "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */