BUG/MEDIUM: Fix bind updates without restart

oliwer · mjuraga · commit ccf6d0eee28e · 2025-02-17T11:40:04.000Z
Some keywords in bind parameters were not using the right type for
serialization (ServerOption instead of BindOption). Since both types
share the same interface, the serialization to disk was working, but
the parser was silently ignoring ServerOptions. So when the user used
the API to create a new Bind and then GET it, the parser would miss
those keywords because they have the wrong type in the cache.

Note that this bug impacts both the deprecated API (like ForceNoSslv3)
and the new API.
diff --git a/configuration/bind.go b/configuration/bind.go
@@ -525,50 +525,50 @@ func serializeBindParams(b models.BindParams, path string) []params.BindOption {
 		options = append(options, &params.BindOptionWord{Name: "defer-accept"})
 	}
 	if b.ExposeFdListeners {
-		options = append(options, &params.ServerOptionDoubleWord{Name: "expose-fd", Value: "listeners"})
+		options = append(options, &params.BindOptionDoubleWord{Name: "expose-fd", Value: "listeners"})
 	}
 	if b.Sslv3 == "enabled" ||
 		b.ForceSslv3 {
-		options = append(options, &params.ServerOptionWord{Name: "force-sslv3"})
+		options = append(options, &params.BindOptionWord{Name: "force-sslv3"})
 	}
 	if b.Sslv3 == "disabled" ||
 		b.NoSslv3 {
-		options = append(options, &params.ServerOptionWord{Name: "no-sslv3"})
+		options = append(options, &params.BindOptionWord{Name: "no-sslv3"})
 	}
 	if b.Tlsv10 == "enabled" ||
 		b.ForceTlsv10 {
-		options = append(options, &params.ServerOptionWord{Name: "force-tlsv10"})
+		options = append(options, &params.BindOptionWord{Name: "force-tlsv10"})
 	}
 	if b.Tlsv10 == "disabled" ||
 		b.NoTlsv10 {
-		options = append(options, &params.ServerOptionWord{Name: "no-tlsv10"})
+		options = append(options, &params.BindOptionWord{Name: "no-tlsv10"})
 	}
 	if b.Tlsv11 == "enabled" ||
 		b.ForceTlsv11 {
-		options = append(options, &params.ServerOptionWord{Name: "force-tlsv11"})
+		options = append(options, &params.BindOptionWord{Name: "force-tlsv11"})
 	}
 	if b.Tlsv11 == "disabled" ||
 		b.NoTlsv11 {
-		options = append(options, &params.ServerOptionWord{Name: "no-tlsv11"})
+		options = append(options, &params.BindOptionWord{Name: "no-tlsv11"})
 	}
 	if b.Tlsv12 == "enabled" ||
 		b.ForceTlsv12 {
-		options = append(options, &params.ServerOptionWord{Name: "force-tlsv12"})
+		options = append(options, &params.BindOptionWord{Name: "force-tlsv12"})
 	}
 	if b.Tlsv12 == "disabled" ||
 		b.NoTlsv12 {
-		options = append(options, &params.ServerOptionWord{Name: "no-tlsv12"})
+		options = append(options, &params.BindOptionWord{Name: "no-tlsv12"})
 	}
 	if b.Tlsv13 == "enabled" ||
 		b.ForceTlsv13 {
-		options = append(options, &params.ServerOptionWord{Name: "force-tlsv13"})
+		options = append(options, &params.BindOptionWord{Name: "force-tlsv13"})
 	}
 	if b.Tlsv13 == "disabled" ||
 		b.NoTlsv13 {
-		options = append(options, &params.ServerOptionWord{Name: "no-tlsv13"})
+		options = append(options, &params.BindOptionWord{Name: "no-tlsv13"})
 	}
 	if b.GenerateCertificates {
-		options = append(options, &params.ServerOptionWord{Name: "generate-certificates"})
+		options = append(options, &params.BindOptionWord{Name: "generate-certificates"})
 	}
 	if b.Gid != 0 {
 		options = append(options, &params.BindOptionValue{Name: "gid", Value: strconv.FormatInt(b.Gid, 10)})
@@ -607,16 +607,16 @@ func serializeBindParams(b models.BindParams, path string) []params.BindOption {
 		options = append(options, &params.BindOptionValue{Name: "nbconn", Value: strconv.FormatInt(b.Nbconn, 10)})
 	}
 	if b.NoCaNames {
-		options = append(options, &params.ServerOptionWord{Name: "no-ca-names"})
+		options = append(options, &params.BindOptionWord{Name: "no-ca-names"})
 	}
 	if b.NoTLSTickets {
-		options = append(options, &params.ServerOptionWord{Name: "no-tls-tickets"})
+		options = append(options, &params.BindOptionWord{Name: "no-tls-tickets"})
 	}
 	if b.Npn != "" {
 		options = append(options, &params.BindOptionValue{Name: "npn", Value: b.Npn})
 	}
 	if b.PreferClientCiphers {
-		options = append(options, &params.ServerOptionWord{Name: "prefer-client-ciphers"})
+		options = append(options, &params.BindOptionWord{Name: "prefer-client-ciphers"})
 	}
 	if b.Proto != "" {
 		options = append(options, &params.BindOptionValue{Name: "proto", Value: b.Proto})
@@ -631,10 +631,10 @@ func serializeBindParams(b models.BindParams, path string) []params.BindOption {
 		options = append(options, &params.BindOptionValue{Name: "ssl-min-ver", Value: b.SslMinVer})
 	}
 	if b.StrictSni {
-		options = append(options, &params.ServerOptionWord{Name: "strict-sni"})
+		options = append(options, &params.BindOptionWord{Name: "strict-sni"})
 	}
 	if b.Tfo {
-		options = append(options, &params.ServerOptionWord{Name: "tfo"})
+		options = append(options, &params.BindOptionWord{Name: "tfo"})
 	}
 	if b.Thread != "" {
 		options = append(options, &params.BindOptionValue{Name: "thread", Value: b.Thread})

Original file line number	Diff line number	Diff line change
`@@ -525,50 +525,50 @@ func serializeBindParams(b models.BindParams, path string) []params.BindOption {`
`525`	`525`	`options = append(options, &params.BindOptionWord{Name: "defer-accept"})`
`526`	`526`	`}`
`527`	`527`	`if b.ExposeFdListeners {`
`528`		`- options = append(options, &params.ServerOptionDoubleWord{Name: "expose-fd", Value: "listeners"})`
	`528`	`+ options = append(options, &params.BindOptionDoubleWord{Name: "expose-fd", Value: "listeners"})`
`529`	`529`	`}`
`530`	`530`	`if b.Sslv3 == "enabled" \|\|`
`531`	`531`	`b.ForceSslv3 {`
`532`		`- options = append(options, &params.ServerOptionWord{Name: "force-sslv3"})`
	`532`	`+ options = append(options, &params.BindOptionWord{Name: "force-sslv3"})`
`533`	`533`	`}`
`534`	`534`	`if b.Sslv3 == "disabled" \|\|`
`535`	`535`	`b.NoSslv3 {`
`536`		`- options = append(options, &params.ServerOptionWord{Name: "no-sslv3"})`
	`536`	`+ options = append(options, &params.BindOptionWord{Name: "no-sslv3"})`
`537`	`537`	`}`
`538`	`538`	`if b.Tlsv10 == "enabled" \|\|`
`539`	`539`	`b.ForceTlsv10 {`
`540`		`- options = append(options, &params.ServerOptionWord{Name: "force-tlsv10"})`
	`540`	`+ options = append(options, &params.BindOptionWord{Name: "force-tlsv10"})`
`541`	`541`	`}`
`542`	`542`	`if b.Tlsv10 == "disabled" \|\|`
`543`	`543`	`b.NoTlsv10 {`
`544`		`- options = append(options, &params.ServerOptionWord{Name: "no-tlsv10"})`
	`544`	`+ options = append(options, &params.BindOptionWord{Name: "no-tlsv10"})`
`545`	`545`	`}`
`546`	`546`	`if b.Tlsv11 == "enabled" \|\|`
`547`	`547`	`b.ForceTlsv11 {`
`548`		`- options = append(options, &params.ServerOptionWord{Name: "force-tlsv11"})`
	`548`	`+ options = append(options, &params.BindOptionWord{Name: "force-tlsv11"})`
`549`	`549`	`}`
`550`	`550`	`if b.Tlsv11 == "disabled" \|\|`
`551`	`551`	`b.NoTlsv11 {`
`552`		`- options = append(options, &params.ServerOptionWord{Name: "no-tlsv11"})`
	`552`	`+ options = append(options, &params.BindOptionWord{Name: "no-tlsv11"})`
`553`	`553`	`}`
`554`	`554`	`if b.Tlsv12 == "enabled" \|\|`
`555`	`555`	`b.ForceTlsv12 {`
`556`		`- options = append(options, &params.ServerOptionWord{Name: "force-tlsv12"})`
	`556`	`+ options = append(options, &params.BindOptionWord{Name: "force-tlsv12"})`
`557`	`557`	`}`
`558`	`558`	`if b.Tlsv12 == "disabled" \|\|`
`559`	`559`	`b.NoTlsv12 {`
`560`		`- options = append(options, &params.ServerOptionWord{Name: "no-tlsv12"})`
	`560`	`+ options = append(options, &params.BindOptionWord{Name: "no-tlsv12"})`
`561`	`561`	`}`
`562`	`562`	`if b.Tlsv13 == "enabled" \|\|`
`563`	`563`	`b.ForceTlsv13 {`
`564`		`- options = append(options, &params.ServerOptionWord{Name: "force-tlsv13"})`
	`564`	`+ options = append(options, &params.BindOptionWord{Name: "force-tlsv13"})`
`565`	`565`	`}`
`566`	`566`	`if b.Tlsv13 == "disabled" \|\|`
`567`	`567`	`b.NoTlsv13 {`
`568`		`- options = append(options, &params.ServerOptionWord{Name: "no-tlsv13"})`
	`568`	`+ options = append(options, &params.BindOptionWord{Name: "no-tlsv13"})`
`569`	`569`	`}`
`570`	`570`	`if b.GenerateCertificates {`
`571`		`- options = append(options, &params.ServerOptionWord{Name: "generate-certificates"})`
	`571`	`+ options = append(options, &params.BindOptionWord{Name: "generate-certificates"})`
`572`	`572`	`}`
`573`	`573`	`if b.Gid != 0 {`
`574`	`574`	`options = append(options, &params.BindOptionValue{Name: "gid", Value: strconv.FormatInt(b.Gid, 10)})`
`@@ -607,16 +607,16 @@ func serializeBindParams(b models.BindParams, path string) []params.BindOption {`
`607`	`607`	`options = append(options, &params.BindOptionValue{Name: "nbconn", Value: strconv.FormatInt(b.Nbconn, 10)})`
`608`	`608`	`}`
`609`	`609`	`if b.NoCaNames {`
`610`		`- options = append(options, &params.ServerOptionWord{Name: "no-ca-names"})`
	`610`	`+ options = append(options, &params.BindOptionWord{Name: "no-ca-names"})`
`611`	`611`	`}`
`612`	`612`	`if b.NoTLSTickets {`
`613`		`- options = append(options, &params.ServerOptionWord{Name: "no-tls-tickets"})`
	`613`	`+ options = append(options, &params.BindOptionWord{Name: "no-tls-tickets"})`
`614`	`614`	`}`
`615`	`615`	`if b.Npn != "" {`
`616`	`616`	`options = append(options, &params.BindOptionValue{Name: "npn", Value: b.Npn})`
`617`	`617`	`}`
`618`	`618`	`if b.PreferClientCiphers {`
`619`		`- options = append(options, &params.ServerOptionWord{Name: "prefer-client-ciphers"})`
	`619`	`+ options = append(options, &params.BindOptionWord{Name: "prefer-client-ciphers"})`
`620`	`620`	`}`
`621`	`621`	`if b.Proto != "" {`
`622`	`622`	`options = append(options, &params.BindOptionValue{Name: "proto", Value: b.Proto})`
`@@ -631,10 +631,10 @@ func serializeBindParams(b models.BindParams, path string) []params.BindOption {`
`631`	`631`	`options = append(options, &params.BindOptionValue{Name: "ssl-min-ver", Value: b.SslMinVer})`
`632`	`632`	`}`
`633`	`633`	`if b.StrictSni {`
`634`		`- options = append(options, &params.ServerOptionWord{Name: "strict-sni"})`
	`634`	`+ options = append(options, &params.BindOptionWord{Name: "strict-sni"})`
`635`	`635`	`}`
`636`	`636`	`if b.Tfo {`
`637`		`- options = append(options, &params.ServerOptionWord{Name: "tfo"})`
	`637`	`+ options = append(options, &params.BindOptionWord{Name: "tfo"})`
`638`	`638`	`}`
`639`	`639`	`if b.Thread != "" {`
`640`	`640`	`options = append(options, &params.BindOptionValue{Name: "thread", Value: b.Thread})`