MEDIUM: ssl: add extra_chain to ckch_data

The extra_chain member is a pointer to the 'issuers-chain-path' file
that completed the chain.

This is useful to find out which chain file was used.
William Lallemand 2024-07-17 13:32:43 +02:00
parent f3dfd95aa2
commit 344c3ce8fc
2 changed files with 4 additions and 3 deletions


@ -55,6 +55,7 @@ struct ckch_data {
struct buffer *ocsp_response;
X509 *ocsp_issuer;
OCSP_CERTID *ocsp_cid;
struct issuer_chain *extra_chain; /* chain from 'issuers-chain-path' */
};
/* configuration for the ckch_store */
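Review bot: The comment on the new `extra_chain` member says where the pointer comes from but not who owns it, and that ownership rule is what a later maintainer needs. In the loader shown on this page the value comes from `ssl_get0_issuer_chain(cert)` and only `issuer_chain->chain` is up-ref'd, so the member appears to be a borrowed, non-refcounted pointer. I would spell that out, e.g. `/* borrowed: 'issuers-chain-path' entry that completed the chain, NULL if the PEM had its own; never freed with ckch_data */`. All four additions in the diffstat are visible here, so any routine that copies or clears a `ckch_data` is not touched by this commit. It is worth checking that such routines carry the pointer over on copy and reset it on free. The struct starts outside the hunk.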


@ -580,6 +580,7 @@ int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct ckch_data *d
EVP_PKEY *key = NULL;
HASSL_DH *dh = NULL;
STACK_OF(X509) *chain = NULL;
struct issuer_chain *issuer_chain = NULL;
if (buf) {
/* reading from a buffer */
@ -649,11 +650,9 @@ int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct ckch_data *d
/* If we couldn't find a chain, we should try to look for a corresponding chain in 'issuers-chain-path' */
if (chain == NULL) {
struct issuer_chain *issuer_chain;
issuer_chain = ssl_get0_issuer_chain(cert);
if (issuer_chain) {
if (issuer_chain)
chain = X509_chain_up_ref(issuer_chain->chain);
}
}
ret = ERR_get_error();
@ -684,6 +683,7 @@ int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct ckch_data *d
SWAP(data->dh, dh);
SWAP(data->cert, cert);
SWAP(data->chain, chain);
SWAP(data->extra_chain, issuer_chain);
ret = 0;
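Review bot: At `SWAP(data->extra_chain, issuer_chain);` the stored pointer is the return value of `ssl_get0_issuer_chain(cert)` with no reference taken on the `issuer_chain` itself (only `issuer_chain->chain` goes through `X509_chain_up_ref()`). `data->extra_chain` therefore stays valid only while the 'issuers-chain-path' entry exists; that lifetime is not visible on this page and should be confirmed for every place a `ckch_data` can outlive it. After the swap the local `issuer_chain` holds the previous `data->extra_chain`, so the cleanup code after `ret = 0;` (outside the hunk) must not release it the way it presumably releases `key`, `dh`, `cert` and `chain`. A comment above the swap would guard against a use-after-free or double free being introduced later, e.g. `/* extra_chain is borrowed from the issuers-chain-path tree: swapped like the others, but must never be freed in this function */`.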