
clarify errors when a keyword is missing #3246

@wlallemand


Your Feature Request

Some keywords are disabled at compilation time, because a USE option was not activated or a dependency is missing, or the version of the library does not contain the feature.

For example in cfgparse-ssl.c:

	{ CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
#if defined(SSL_CTX_set1_curves_list)
	{ CFG_GLOBAL, "ssl-default-bind-curves", ssl_parse_global_curves },
	{ CFG_GLOBAL, "ssl-default-server-curves", ssl_parse_global_curves },
#endif
#if defined(SSL_CTX_set1_sigalgs_list)
	{ CFG_GLOBAL, "ssl-default-bind-sigalgs", ssl_parse_global_sigalgs },
	{ CFG_GLOBAL, "ssl-default-server-sigalgs", ssl_parse_global_sigalgs },
#endif
#if defined(SSL_CTX_set1_client_sigalgs_list)
	{ CFG_GLOBAL, "ssl-default-bind-client-sigalgs", ssl_parse_global_client_sigalgs },
	{ CFG_GLOBAL, "ssl-default-server-client-sigalgs", ssl_parse_global_client_sigalgs },
#endif

Instead of using an ifdef at keyword registration, we should define the content of the parsing function with an ifdef, which allows us to explain correctly why the keyword is not available.

For example, the ssl-security-level keyword does it this way:

/* parse the "ssl-security-level" keyword in global section.  */
static int ssl_parse_security_level(char **args, int section_type, struct proxy *curpx,
					 const struct proxy *defpx, const char *file, int linenum,
					 char **err)
{
#ifndef HAVE_SSL_SET_SECURITY_LEVEL
	memprintf(err, "global statement '%s' requires at least OpenSSL 1.1.1.", args[0]);
	return -1;
#else
	char *endptr;

	if (!*args[1]) {
		ha_alert("parsing [%s:%d] : '%s' : missing value\n", file, linenum, args[0]);
		return -1;
	}
[...]
#endif

	return 0;
}

What are you trying to do?

Having clearer messages at configuration parsing, instead of a generic message:

"config parsing [test3.cfg:4] unknown keyword 'ssl-dh-param-file' in 'global' section; did you mean 'tune.ssl.default-dh-param' maybe ?"

Should be something like:

"config parsing [test3.cfg:4]  'ssl-dh-param-file' is not supported by AWS-LC 3.0.0"

Steps

  • determine which keywords are concerned
  • determine exceptions that should emit a warning and not an alert
  • implementation

Output of haproxy -vv

N/A
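
The registration change proposed in this issue, as an added example that is not HAProxy code and not part of the original post. The macro HAVE_DEMO_CURVES, the library name DemoSSL 1.0, and every function and table name are assumptions; the block contrasts a table guarded by #ifdef with one that always registers the keyword and reports the missing feature from inside the parser.

```c
/* Added example, not HAProxy code; every name here is hypothetical.
 * HAVE_DEMO_CURVES stands in for a build-time test such as
 * defined(SSL_CTX_set1_curves_list) and is left undefined. */
#include <stdio.h>
#include <string.h>
#define DEMO_LIB "DemoSSL 1.0" /* constructed library name */

typedef int (*kw_parser)(char **args, char *err, size_t errlen);
struct cfg_kw { const char *name; kw_parser parse; };

static int parse_ciphers(char **a, char *e, size_t n) { (void)a; (void)e; (void)n; return 0; }
/* Always compiled: the #ifndef lives inside the parser body. */
static int parse_curves(char **args, char *err, size_t errlen)
{
#ifndef HAVE_DEMO_CURVES
	snprintf(err, errlen, "'%s' is not supported by %s", args[0], DEMO_LIB);
	return -1;
#else
	(void)err; (void)errlen;
	return (args[1] && *args[1]) ? 0 : -1;
#endif
}
static const struct cfg_kw kws_guarded[] = { /* registration under #ifdef */
	{ "ssl-default-server-ciphers", parse_ciphers },
#ifdef HAVE_DEMO_CURVES
	{ "ssl-default-bind-curves", parse_curves },
#endif
	{ NULL, NULL }
};
static const struct cfg_kw kws_always[] = { /* unconditional registration */
	{ "ssl-default-server-ciphers", parse_ciphers },
	{ "ssl-default-bind-curves", parse_curves },
	{ NULL, NULL }
};
/* Returns 0 on success, -1 with a message written to err. */
static int cfg_parse_line(const struct cfg_kw *kws, char **args, char *err, size_t errlen)
{
	for (; kws->name; kws++)
		if (strcmp(kws->name, args[0]) == 0)
			return kws->parse(args, err, errlen);
	snprintf(err, errlen, "unknown keyword '%s' in 'global' section", args[0]);
	return -1;
}
int main(void)
{
	char *args[] = { "ssl-default-bind-curves", "P-256", NULL };
	char err[128];
	if (cfg_parse_line(kws_guarded, args, err, sizeof(err))) puts(err);
	if (cfg_parse_line(kws_always, args, err, sizeof(err))) puts(err);
	return 0;
}
```

With the guarded table the operator only learns that the keyword is unknown; with unconditional registration the same line fails with the reason the build cannot honour it.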

Labels: good first issue, type: feature
