From 3246d9466a4accad62ee22e348dda709d65077af Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Mon, 4 Nov 2019 14:02:11 +0100
Subject: [PATCH] BUG/MINOR: ssl/cli: fix an error when a file is not found

When trying to update a certificate <file>.{rsa,ecdsa,dsa}, but this one
does not exist and if <file> was used as a regular file in the
configuration, the error was ambiguous. Correct it so we can return a
certificate not found error.
---
 src/ssl_sock.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 7b2f1021c..88c0a01ef 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -10307,10 +10307,13 @@ static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx,
 					errcode |= ERR_ALERT | ERR_FATAL;
 					goto end;
 				}
-				/* If we want a bundle but this is not a bundle */
-				/* note that it should never happen */
-				if (bundle >= 0 && find_ckchs[i]->multi == 0)
-					goto end;
+				/* If we want a bundle but this is not a bundle
+				 * example: When you try to update <file>.rsa, but
+				 * <file> is a regular file */
+				if (bundle >= 0 && find_ckchs[i]->multi == 0) {
+					find_ckchs[i] = NULL;
+					break;
+				}
 			}
 #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
 			{