diff options
Diffstat (limited to 'net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat')
| -rw-r--r-- | net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat | 78 |
1 files changed, 0 insertions, 78 deletions
diff --git a/net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat b/net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat deleted file mode 100644 index e6f0291f8c89..000000000000 --- a/net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat +++ /dev/null @@ -1,78 +0,0 @@ -From ce5ca630697a069ffbd81169663e5dbeb554179a Mon Sep 17 00:00:00 2001 -From: Willy Tarreau <w@1wt.eu> -Date: Wed, 6 Oct 2021 11:23:32 +0200 -Subject: CLEANUP: servers: do not include openssl-compat - -This is exactly the same as for listeners, servers only include -openssl-compat to provide the SSL_CTX type to use as two pointers to -contexts, and to detect if NPN, ALPN, and cipher suites are supported, -and save up to 5 pointers in the ssl_ctx struct if not supported. This -is pointless, as these ones have all been supported for about a decade, -and including this file comes with a long dependency chain that impacts -lots of other files. The ctx was made a void*. - -Now the build time was significantly reduced, from 9.2 to 8.1 seconds, -thanks to opensslconf.h being included "only" 456 times instead of 2424 -previously! - -The total number of lines of code compiled was reduced by 15%. - -(cherry picked from commit 340ef2502eae2a37781e460d3590982c0e437fbd) -[wt: this is backported to get rid of the painful #ifdef around SSL - fields that regularly break backports] -Signed-off-by: Willy Tarreau <w@1wt.eu> ---- - include/haproxy/server-t.h | 10 +--------- - 1 file changed, 1 insertion(+), 9 deletions(-) - -diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h -index 429195388..32b649bf3 100644 ---- include/haproxy/server-t.h -+++ include/haproxy/server-t.h -@@ -35,9 +35,7 @@ - #include <haproxy/freq_ctr-t.h> - #include <haproxy/listener-t.h> - #include <haproxy/obj_type-t.h> --#include <haproxy/openssl-compat.h> - #include <haproxy/resolvers-t.h> --#include <haproxy/ssl_sock-t.h> - #include <haproxy/stats-t.h> - #include <haproxy/task-t.h> - #include <haproxy/thread-t.h> -@@ -341,7 +339,7 @@ struct server { - #ifdef USE_OPENSSL - char *sni_expr; /* Temporary variable to store a sample expression for SNI */ - struct { -- SSL_CTX *ctx; -+ void *ctx; - struct { - unsigned char *ptr; - int size; -@@ -353,9 +351,7 @@ struct server { - __decl_thread(HA_RWLOCK_T lock); /* lock the cache and SSL_CTX during commit operations */ - - char *ciphers; /* cipher suite to use if non-null */ --#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES - char *ciphersuites; /* TLS 1.3 cipher suite to use if non-null */ --#endif - int options; /* ssl options */ - int verify; /* verify method (set of SSL_VERIFY_* flags) */ - struct tls_version_filter methods; /* ssl methods */ -@@ -363,14 +359,10 @@ struct server { - char *ca_file; /* CAfile to use on verify */ - char *crl_file; /* CRLfile to use on verify */ - struct sample_expr *sni; /* sample expression for SNI */ --#ifdef OPENSSL_NPN_NEGOTIATED - char *npn_str; /* NPN protocol string */ - int npn_len; /* NPN protocol string length */ --#endif --#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation - char *alpn_str; /* ALPN protocol string */ - int alpn_len; /* ALPN protocol string length */ --#endif - } ssl_ctx; - #ifdef USE_QUIC - struct quic_transport_params quic_params; /* QUIC transport parameters */ --- -2.28.0 - |