CLEANUP: ssl: rename ssl_sock_load_ca to ssl_sock_gencert_load_ca

ssl_sock_load_ca is defined in ssl_gencert.c and compiled only if SSL_NO_GENERATE_CERTIFICATES is not defined. It's name is a bit confusing, as we may think at the first glance, that it's a generic function, which is also used to load CA file, provided via 'ca-file' keyword. ssl_set_verify_locations_file is used in this case. So let's rename ssl_sock_load_ca into ssl_sock_gencert_load_ca. Same is applied to ssl_sock_free_ca.
PhoenixRedflash · Jan 24, 2025 · 846819b · 846819b
1 parent c987f30
commit 846819b
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
@@ -68,8 +68,8 @@ void ssl_sock_free_srv_ctx(struct server *srv);
 void ssl_sock_free_all_ctx(struct bind_conf *bind_conf);
 int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx,
                       const char **str, int *len);
-int ssl_sock_load_ca(struct bind_conf *bind_conf);
-void ssl_sock_free_ca(struct bind_conf *bind_conf);
+int ssl_sock_gencert_load_ca(struct bind_conf *bind_conf);
+void ssl_sock_gencert_free_ca(struct bind_conf *bind_conf);
 int ssl_bio_and_sess_init(struct connection *conn, SSL_CTX *ssl_ctx,
                           SSL **ssl, BIO **bio, BIO_METHOD *bio_meth, void *ctx);
 const char *ssl_sock_get_sni(struct connection *conn);

diff --git a/src/ssl_gencert.c b/src/ssl_gencert.c
@@ -381,7 +381,7 @@ int ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ss
 
 /* Load CA cert file and private key used to generate certificates */
 int
-ssl_sock_load_ca(struct bind_conf *bind_conf)
+ssl_sock_gencert_load_ca(struct bind_conf *bind_conf)
 {
 	struct proxy *px = bind_conf->frontend;
 	struct ckch_data *data = NULL;
@@ -446,7 +446,7 @@ ssl_sock_load_ca(struct bind_conf *bind_conf)
 
 /* Release CA cert and private key used to generate certificated */
 void
-ssl_sock_free_ca(struct bind_conf *bind_conf)
+ssl_sock_gencert_free_ca(struct bind_conf *bind_conf)
 {
 	if (bind_conf->ca_sign_ckch) {
 		ssl_sock_free_cert_key_and_chain_contents(bind_conf->ca_sign_ckch);

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
@@ -4790,7 +4790,7 @@ int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
 
 #ifndef SSL_NO_GENERATE_CERTIFICATES
 	/* initialize CA variables if the certificates generation is enabled */
-	err += ssl_sock_load_ca(bind_conf);
+	err += ssl_sock_gencert_load_ca(bind_conf);
 #endif
 
 	return -err;
@@ -4884,7 +4884,7 @@ REGISTER_POST_DEINIT(ssl_sock_deinit);
 void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
 {
 #ifndef SSL_NO_GENERATE_CERTIFICATES
-	ssl_sock_free_ca(bind_conf);
+	ssl_sock_gencert_free_ca(bind_conf);
 #endif
 	ssl_sock_free_all_ctx(bind_conf);
 	ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);