From 786188f6bfcc6f8ed2a4fe73b543f572ed2a00a9 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Tue, 15 Oct 2019 10:05:37 +0200
Subject: [PATCH] BUG/MINOR: ssl: fix error messages for OCSP loading

The error messages for OCSP in ssl_sock_load_crt_file_into_ckch() add a
double extension to the filename, that can be confusing. The messages
reference a .issuer.issuer file.
---
 src/ssl_sock.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index ef9182154..1a48e2a39 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3007,7 +3007,7 @@ static int ssl_sock_load_crt_file_into_ckch(const char *path, BIO *buf, struct c
 			snprintf(fp, MAXPATHLEN+1, "%s.issuer", path);
 			if (stat(fp, &st) == 0) {
 				if (BIO_read_filename(in, fp) <= 0) {
-					memprintf(err, "%s '%s.issuer' is present but cannot be read or parsed'.\n",
+					memprintf(err, "%s '%s' is present but cannot be read or parsed'.\n",
 						  *err ? *err : "", fp);
 					ret = 1;
 					goto end;
@@ -3015,14 +3015,14 @@ static int ssl_sock_load_crt_file_into_ckch(const char *path, BIO *buf, struct c
 
 				issuer = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
 				if (!issuer) {
-					memprintf(err, "%s '%s.issuer' is present but cannot be read or parsed'.\n",
+					memprintf(err, "%s '%s' is present but cannot be read or parsed'.\n",
 						  *err ? *err : "", fp);
 					ret = 1;
 					goto end;
 				}
 
 				if (X509_check_issued(ckch->ocsp_issuer, ckch->cert) != X509_V_OK) {
-					memprintf(err, "%s '%s.issuer' is not an issuer'.\n",
+					memprintf(err, "%s '%s' is not an issuer'.\n",
 						  *err ? *err : "", fp);
 					ret = 1;
 					goto end;