mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-09 16:47:18 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: ssl: fix error messages for OCSP loading

Browse Source 
The error messages for OCSP in ssl_sock_load_crt_file_into_ckch() add a
double extension to the filename, that can be confusing. The messages
reference a .issuer.issuer file.
This commit is contained in:
William Lallemand 2019-10-15 10:05:37 +02:00 committed by William Lallemand
parent f0eb3739ac
commit 786188f6bf
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/ssl_sock.c
View File

@ -3007,7 +3007,7 @@ static int ssl_sock_load_crt_file_into_ckch(const char *path, BIO *buf, struct c
snprintf(fp, MAXPATHLEN+1, "%s.issuer", path);
if (stat(fp, &st) == 0) {
if (BIO_read_filename(in, fp) <= 0) {
memprintf(err, "%s '%s.issuer' is present but cannot be read or parsed'.\n",
memprintf(err, "%s '%s' is present but cannot be read or parsed'.\n",
*err ? *err : "", fp);
ret = 1;
goto end;
@ -3015,14 +3015,14 @@ static int ssl_sock_load_crt_file_into_ckch(const char *path, BIO *buf, struct c
issuer = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
if (!issuer) {
memprintf(err, "%s '%s.issuer' is present but cannot be read or parsed'.\n",
memprintf(err, "%s '%s' is present but cannot be read or parsed'.\n",
*err ? *err : "", fp);
ret = 1;
goto end;
}
if (X509_check_issued(ckch->ocsp_issuer, ckch->cert) != X509_V_OK) {
memprintf(err, "%s '%s.issuer' is not an issuer'.\n",
memprintf(err, "%s '%s' is not an issuer'.\n",
*err ? *err : "", fp);
ret = 1;
goto end;