MINOR: ssl: create common ssl_ctx init
a common init for ssl_ctx will be later usable in other functions in
order to support hot enable of ssl during runtime.
Signed-off-by: William Dauchy <wdauchy@gmail.com>
diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index d24b85a..f4207f0 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -1357,23 +1357,30 @@
}
-/* parse the "check-ssl" server keyword */
-static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
+/* common function to init ssl_ctx */
+static void ssl_sock_init_srv(struct server *s)
{
- newsrv->check.use_ssl = 1;
- if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
- newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
+ if (global_ssl.connect_default_ciphers && !s->ssl_ctx.ciphers)
+ s->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
- if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
- newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
+ if (global_ssl.connect_default_ciphersuites && !s->ssl_ctx.ciphersuites)
+ s->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
#endif
- newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
- newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
- if (!newsrv->ssl_ctx.methods.min)
- newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
- if (!newsrv->ssl_ctx.methods.max)
- newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
+ s->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
+ s->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
+
+ if (!s->ssl_ctx.methods.min)
+ s->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
+ if (!s->ssl_ctx.methods.max)
+ s->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
+}
+
+/* parse the "check-ssl" server keyword */
+static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
+{
+ newsrv->check.use_ssl = 1;
+ ssl_sock_init_srv(newsrv);
return 0;
}
@@ -1545,22 +1552,7 @@
static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
{
newsrv->use_ssl = 1;
- if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
- newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
- if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
- newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
-#endif
- newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
- newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
-
- if (!newsrv->ssl_ctx.methods.min)
- newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
-
- if (!newsrv->ssl_ctx.methods.max)
- newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
-
-
+ ssl_sock_init_srv(newsrv);
return 0;
}