diff --git a/include/haproxy/ssl_ckch-t.h b/include/haproxy/ssl_ckch-t.h index d7eecf128..de375392e 100644 --- a/include/haproxy/ssl_ckch-t.h +++ b/include/haproxy/ssl_ckch-t.h @@ -179,7 +179,7 @@ struct ckch_conf_kws { const char *name; ssize_t offset; enum parse_type_t type; - int (*func)(const char *path, char *buf, struct ckch_data *d, char **err); + int (*func)(void *value, char *buf, struct ckch_data *d, char **err); char **base; /* ptr to the base path */ }; diff --git a/include/haproxy/ssl_ckch.h b/include/haproxy/ssl_ckch.h index 41183791c..c8efb56c4 100644 --- a/include/haproxy/ssl_ckch.h +++ b/include/haproxy/ssl_ckch.h @@ -75,5 +75,12 @@ int __ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_ extern struct cert_exts cert_exts[]; extern int (*ssl_commit_crlfile_cb)(const char *path, X509_STORE *ctx, char **err); +/* ckch_conf keyword loading */ +static inline int ckch_conf_load_pem(void *value, char *buf, struct ckch_data *d, char **err) { return ssl_sock_load_pem_into_ckch(value, buf, d, err); } +static inline int ckch_conf_load_key(void *value, char *buf, struct ckch_data *d, char **err) { return ssl_sock_load_key_into_ckch(value, buf, d, err); } +static inline int ckch_conf_load_ocsp_response(void *value, char *buf, struct ckch_data *d, char **err) { return ssl_sock_load_ocsp_response_from_file(value, buf, d, err); } +static inline int ckch_conf_load_ocsp_issuer(void *value, char *buf, struct ckch_data *d, char **err) { return ssl_sock_load_issuer_file_into_ckch(value, buf, d, err); } +static inline int ckch_conf_load_sctl(void *value, char *buf, struct ckch_data *d, char **err) { return ssl_sock_load_sctl_from_file(value, buf, d, err); } + #endif /* USE_OPENSSL */ #endif /* _HAPROXY_SSL_CRTLIST_H */ diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c index 549637d6a..e593d32a2 100644 --- a/src/ssl_ckch.c +++ b/src/ssl_ckch.c @@ -4027,11 +4027,11 @@ static int crtstore_load = 0; /* did we already load in this crt-store */ struct ckch_conf_kws ckch_conf_kws[] = { { "alias", -1, PARSE_TYPE_NONE, NULL, NULL }, - { "crt", offsetof(struct ckch_conf, crt), PARSE_TYPE_STR, ssl_sock_load_pem_into_ckch, ¤t_crtbase }, - { "key", offsetof(struct ckch_conf, key), PARSE_TYPE_STR, ssl_sock_load_key_into_ckch, ¤t_keybase }, - { "ocsp", offsetof(struct ckch_conf, ocsp), PARSE_TYPE_STR, ssl_sock_load_ocsp_response_from_file, ¤t_crtbase }, - { "issuer", offsetof(struct ckch_conf, issuer), PARSE_TYPE_STR, ssl_sock_load_issuer_file_into_ckch, ¤t_crtbase }, - { "sctl", offsetof(struct ckch_conf, sctl), PARSE_TYPE_STR, ssl_sock_load_sctl_from_file, ¤t_crtbase }, + { "crt", offsetof(struct ckch_conf, crt), PARSE_TYPE_STR, ckch_conf_load_pem, ¤t_crtbase }, + { "key", offsetof(struct ckch_conf, key), PARSE_TYPE_STR, ckch_conf_load_key, ¤t_keybase }, + { "ocsp", offsetof(struct ckch_conf, ocsp), PARSE_TYPE_STR, ckch_conf_load_ocsp_response, ¤t_crtbase }, + { "issuer", offsetof(struct ckch_conf, issuer), PARSE_TYPE_STR, ckch_conf_load_ocsp_issuer, ¤t_crtbase }, + { "sctl", offsetof(struct ckch_conf, sctl), PARSE_TYPE_STR, ckch_conf_load_sctl, ¤t_crtbase }, { NULL, -1, PARSE_TYPE_STR, NULL, NULL } }; @@ -4040,7 +4040,7 @@ int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, char **err) { int i; int err_code = 0; - int rc = 0; + int rc = 1; struct ckch_data *d = c->data; /* crt */ @@ -4050,40 +4050,66 @@ int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, char **err) } for (i = 0; ckch_conf_kws[i].name; i++) { - char *src = NULL; - char **base = ckch_conf_kws[i].base; + void *src = NULL; if (ckch_conf_kws[i].offset < 0) continue; - src = *(char **)((intptr_t)f + (ptrdiff_t)ckch_conf_kws[i].offset); - if (src) { - char *path; - char path_base[PATH_MAX]; + if (!ckch_conf_kws[i].func) + continue; - if (!ckch_conf_kws[i].func || ckch_conf_kws[i].type != PARSE_TYPE_STR) - continue; + src = (void *)((intptr_t)f + (ptrdiff_t)ckch_conf_kws[i].offset); - path = src; + switch (ckch_conf_kws[i].type) { + case PARSE_TYPE_STR: + { + char *v; + char *path; + char **base = ckch_conf_kws[i].base; + char path_base[PATH_MAX]; - if (base && *base) { - if (*src != '/') { - int rv = snprintf(path_base, sizeof(path_base), "%s/%s", *base, src); + v = *(char **)src; + if (!v) + goto next; + + path = v; + if (base && *base && *path != '/') { + int rv = snprintf(path_base, sizeof(path_base), "%s/%s", *base, path); if (rv >= sizeof(path_base)) { - memprintf(err, "'%s/%s' : path too long", *base, src); + memprintf(err, "'%s/%s' : path too long", *base, path); err_code |= ERR_ALERT | ERR_FATAL; goto out; } path = path_base; } + rc = ckch_conf_kws[i].func(path, NULL, d, err); + if (rc) { + err_code |= ERR_ALERT | ERR_FATAL; + memprintf(err, "%s '%s' cannot be read or parsed.", err && *err ? *err : "", path); + goto out; + } + break; } - rc = ckch_conf_kws[i].func(path, NULL, d, err); - if (rc) { - err_code |= ERR_ALERT | ERR_FATAL; - memprintf(err, "%s '%s' cannot be read or parsed.", err && *err ? *err : "", path); - goto out; + + case PARSE_TYPE_INT: + case PARSE_TYPE_ONOFF: + { + int v = *(int *)src; + rc = ckch_conf_kws[i].func(&v, NULL, d, err); + if (rc) { + err_code |= ERR_ALERT | ERR_FATAL; + memprintf(err, "%s '%d' cannot be read or parsed.", err && *err ? *err : "", v); + goto out; + } + + break; } + + default: + break; } +next: + ; } out: