From 1b04e5b0e0ced15345f5451ca417b9ef08f422a0 Mon Sep 17 00:00:00 2001 From: yanbzhu Date: Wed, 2 Dec 2015 13:54:14 -0500 Subject: [PATCH] MINOR: ssl: Added multi cert support for crt-list config keyword Added support for loading mutiple certs into shared contexts when they are specified in a crt-list Note that it's not practical to support SNI filters with multicerts, so any SNI filters that's provided to the crt-list is ignored if a multi-cert opertion is used. --- src/ssl_sock.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 5226a4962..d058e4f97 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -2283,6 +2283,7 @@ int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct { char thisline[LINESIZE]; FILE *f; + struct stat buf; int linenum = 0; int cfgerr = 0; @@ -2341,7 +2342,12 @@ int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct if (!arg) continue; - cfgerr = ssl_sock_load_cert_file(args[0], bind_conf, curproxy, &args[1], arg-1, err); + if (stat(args[0], &buf) == 0) { + cfgerr = ssl_sock_load_cert_file(args[0], bind_conf, curproxy, &args[1], arg-1, err); + } else { + cfgerr = ssl_sock_load_multi_cert(args[0], bind_conf, curproxy, NULL, err); + } + if (cfgerr) { memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err); break;