BUG/MEDIUM: ssl: apply ssl-f-use on every "ssl" bind

This patch introduces a change of behavior in the configuration parsing.

Previously the "ssl-f-use" lines were only applied on "ssl" bind lines
that does not have any "crt" configured.
Since there is no warning and you could mix bind lines with and without
crt, this is really confusing.

This patch applies the "ssl-f-use" lines on every "ssl" bind lines.

This was discussed in ticket #3082.

Must be backported in 3.2.

doc/configuration.txt

@@ -12205,8 +12205,9 @@ ssl-f-use [<sslbindconf> ...]*
   Assignate a certificate <crtname> to a crt-list created automatically with the
   frontend name and prefixed by @ (ex: '@frontend1').
 
-  This implicit crt-list will be assigned to every "ssl" bind lines in a
+  This implicit crt-list will be assigned to every "ssl" bind lines in the
-  frontend that does not already have the "crt" or the "crt-list" line.
+  current frontend.
+
   crt-list commands from the stats socket are effective with this crt-list, so
   one could replace, remove or add certificates and SSL options to it.
 

src/cfgparse-ssl.c

@@ -2442,14 +2442,12 @@ static int post_section_frontend_crt_init()
 			goto error;
 		}
 
-		/* look for "ssl" bind lines without any crt nor crt-line */
+		/* look for "ssl" bind lines */
 		list_for_each_entry(b, &curproxy->conf.bind, by_fe) {
 			if (b->options & BC_O_USE_SSL) {
-				if (eb_is_empty(&b->sni_ctx) && eb_is_empty(&b->sni_w_ctx)) {
+				err_code |= ssl_sock_load_cert_list_file(crtlist_name, 0, b, curproxy, &err);
-					err_code |= ssl_sock_load_cert_list_file(crtlist_name, 0, b, curproxy, &err);
+				if (err_code & ERR_CODE)
-					if (err_code & ERR_CODE)
+					goto error;
-						goto error;
-				}
 			}
 		}
 	}