mirror of
https://git.freebsd.org/ports.git
synced 2025-05-02 19:46:41 -04:00
78 lines
3 KiB
Text
78 lines
3 KiB
Text
From ce5ca630697a069ffbd81169663e5dbeb554179a Mon Sep 17 00:00:00 2001
|
|
From: Willy Tarreau <w@1wt.eu>
|
|
Date: Wed, 6 Oct 2021 11:23:32 +0200
|
|
Subject: CLEANUP: servers: do not include openssl-compat
|
|
|
|
This is exactly the same as for listeners, servers only include
|
|
openssl-compat to provide the SSL_CTX type to use as two pointers to
|
|
contexts, and to detect if NPN, ALPN, and cipher suites are supported,
|
|
and save up to 5 pointers in the ssl_ctx struct if not supported. This
|
|
is pointless, as these ones have all been supported for about a decade,
|
|
and including this file comes with a long dependency chain that impacts
|
|
lots of other files. The ctx was made a void*.
|
|
|
|
Now the build time was significantly reduced, from 9.2 to 8.1 seconds,
|
|
thanks to opensslconf.h being included "only" 456 times instead of 2424
|
|
previously!
|
|
|
|
The total number of lines of code compiled was reduced by 15%.
|
|
|
|
(cherry picked from commit 340ef2502eae2a37781e460d3590982c0e437fbd)
|
|
[wt: this is backported to get rid of the painful #ifdef around SSL
|
|
fields that regularly break backports]
|
|
Signed-off-by: Willy Tarreau <w@1wt.eu>
|
|
---
|
|
include/haproxy/server-t.h | 10 +---------
|
|
1 file changed, 1 insertion(+), 9 deletions(-)
|
|
|
|
diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h
|
|
index 429195388..32b649bf3 100644
|
|
--- include/haproxy/server-t.h
|
|
+++ include/haproxy/server-t.h
|
|
@@ -35,9 +35,7 @@
|
|
#include <haproxy/freq_ctr-t.h>
|
|
#include <haproxy/listener-t.h>
|
|
#include <haproxy/obj_type-t.h>
|
|
-#include <haproxy/openssl-compat.h>
|
|
#include <haproxy/resolvers-t.h>
|
|
-#include <haproxy/ssl_sock-t.h>
|
|
#include <haproxy/stats-t.h>
|
|
#include <haproxy/task-t.h>
|
|
#include <haproxy/thread-t.h>
|
|
@@ -341,7 +339,7 @@ struct server {
|
|
#ifdef USE_OPENSSL
|
|
char *sni_expr; /* Temporary variable to store a sample expression for SNI */
|
|
struct {
|
|
- SSL_CTX *ctx;
|
|
+ void *ctx;
|
|
struct {
|
|
unsigned char *ptr;
|
|
int size;
|
|
@@ -353,9 +351,7 @@ struct server {
|
|
__decl_thread(HA_RWLOCK_T lock); /* lock the cache and SSL_CTX during commit operations */
|
|
|
|
char *ciphers; /* cipher suite to use if non-null */
|
|
-#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
|
|
char *ciphersuites; /* TLS 1.3 cipher suite to use if non-null */
|
|
-#endif
|
|
int options; /* ssl options */
|
|
int verify; /* verify method (set of SSL_VERIFY_* flags) */
|
|
struct tls_version_filter methods; /* ssl methods */
|
|
@@ -363,14 +359,10 @@ struct server {
|
|
char *ca_file; /* CAfile to use on verify */
|
|
char *crl_file; /* CRLfile to use on verify */
|
|
struct sample_expr *sni; /* sample expression for SNI */
|
|
-#ifdef OPENSSL_NPN_NEGOTIATED
|
|
char *npn_str; /* NPN protocol string */
|
|
int npn_len; /* NPN protocol string length */
|
|
-#endif
|
|
-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
|
|
char *alpn_str; /* ALPN protocol string */
|
|
int alpn_len; /* ALPN protocol string length */
|
|
-#endif
|
|
} ssl_ctx;
|
|
#ifdef USE_QUIC
|
|
struct quic_transport_params quic_params; /* QUIC transport parameters */
|
|
--
|
|
2.28.0
|
|
|