konevsa/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MINOR: ssl: reach a ckch_store from a sni_ctx

Browse Source 
It was only possible to go down from the ckch_store to the sni_ctx but
not to go up from the sni_ctx to the ckch_store.

To allow that, 2 pointers were added:

- a ckch_inst pointer in the struct sni_ctx
- a ckckh_store pointer in the struct ckch_inst
This commit is contained in:
William Lallemand 2020-03-05 10:17:47 +01:00 committed by William Lallemand
parent 38df1c8006
commit cfca1422c7
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/types/ssl_sock.h
View File

@ -42,6 +42,7 @@ struct sni_ctx {
struct pkey_info kinfo; /* pkey info */
struct ssl_bind_conf *conf; /* ssl "bind" conf for the certificate */
struct list by_ckch_inst; /* chained in ckch_inst's list of sni_ctx */
struct ckch_inst *ckch_inst; /* instance used to create this sni_ctx */
struct ebmb_node name; /* node holding the servername value */
};
@ -126,6 +127,7 @@ struct ckch_store {
struct ckch_inst {
struct bind_conf *bind_conf; /* pointer to the bind_conf that uses this ckch_inst */
struct ssl_bind_conf *ssl_conf; /* pointer to the ssl_conf which is used by every sni_ctx of this inst */
struct ckch_store *ckch_store; /* pointer to the store used to generate this inst */
int is_default; /* This instance is used as the default ctx for this bind_conf */
struct list sni_ctx; /* list of sni_ctx using this ckch_inst */
struct list by_ckchs; /* chained in ckch_store's list of ckch_inst */

3
src/ssl_sock.c
View File

@ -2949,6 +2949,7 @@ static int ckch_inst_add_cert_sni(SSL_CTX *ctx, struct ckch_inst *ckch_inst,
sc->neg = neg;
sc->wild = wild;
sc->name.node.leaf_p = NULL;
sc->ckch_inst = ckch_inst;
LIST_ADDQ(&ckch_inst->sni_ctx, &sc->by_ckch_inst);
}
return order;
@ -4186,6 +4187,7 @@ static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *c
ckch_inst->bind_conf = bind_conf;
ckch_inst->ssl_conf = ssl_conf;
ckch_inst->ckch_store = ckchs;
end:
if (names)
@ -4374,6 +4376,7 @@ static int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs,
/* everything succeed, the ckch instance can be used */
ckch_inst->bind_conf = bind_conf;
ckch_inst->ssl_conf = ssl_conf;
ckch_inst->ckch_store = ckchs;
*ckchi = ckch_inst;
return errcode;