From 83918e2ef13a5e7629a701d712ae4eede6bd19a5 Mon Sep 17 00:00:00 2001
From: William Lallemand
Date: Mon, 16 Mar 2020 17:21:51 +0100
Subject: [PATCH] BUG/MINOR: ssl: can't open directories anymore

The commit 6be66ec ("MINOR: ssl: directories are loaded like crt-list") broke the directory loading of the certificates. The wasn't filled by the crtlist_load_cert_dir() function. And the entries were not correctly initialized. Leading to a segfault during startup.
---
 src/ssl_sock.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index f1b0ba9b4..6da15b885 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4461,6 +4461,7 @@ static int crtlist_load_cert_dir(char *path, struct bind_conf *bind_conf, struct
 }
 memcpy(dir->node.key, path, strlen(path) + 1);
 dir->entries = EB_ROOT_UNIQUE; /* it's a directory, files are unique */
+ LIST_INIT(&dir->ord_entries);
 n = scandir(path, &de_list, 0, alphasort);
 if (n < 0) {
@@ -4484,6 +4485,11 @@ static int crtlist_load_cert_dir(char *path, struct bind_conf *bind_conf, struct
 goto ignore_entry;
 }
+ /* directories don't use ssl_conf and filters */
+ entry->fcount = 0;
+ entry->filters = NULL;
+ entry->ssl_conf = NULL;
+
 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
 if (stat(fp, &buf) != 0) {
 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
@@ -4532,9 +4538,8 @@ static int crtlist_load_cert_dir(char *path, struct bind_conf *bind_conf, struct
 cfgerr |= ERR_ALERT | ERR_FATAL;
 goto end;
 }
-
 entry->node.key = ckchs;
- entry->ssl_conf = NULL; /* directories don't use ssl_conf */
+ LIST_ADDQ(&dir->ord_entries, &entry->by_crtlist);
 ebpt_insert(&dir->entries, &entry->node);
 /* Successfully processed the bundle */
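Review bot: In the `@@ -4484,6 +4485,11 @@` hunk, assigning `fcount`, `filters` and `ssl_conf` one by one only covers the fields known today; every other member of the entry, including the `by_crtlist` element and `node` used further down, keeps whatever the allocator returned until it is explicitly set. The allocation is outside this hunk, so this is inferred, but if it is a plain `malloc` then zero-allocating there, `entry = calloc(1, sizeof(*entry));`, would make these assignments redundant and stop a later field addition from reintroducing the same startup crash. If the explicit assignments stay, a comment such as `/* the entry is not zeroed: every field must be set before use */` would warn the next editor.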
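Review bot: In the `@@ -4532,9 +4538,8 @@` hunk, `LIST_ADDQ(&dir->ord_entries, &entry->by_crtlist);` links the entry into the ordered list before `ebpt_insert()` runs, and the insert's return value is ignored. `dir->entries` is set to `EB_ROOT_UNIQUE` earlier in this function, so if a `ckchs` key were ever already present the tree would keep the existing node while the list gains a second entry, and cleanup code that walks only one of the two structures could miss it or free it twice. Whether a directory can produce a duplicate key is not visible here, so this may be unreachable; testing `ebpt_insert(&dir->entries, &entry->node) != &entry->node` before the list add would keep the list and the tree in step. The same two lines are repeated in the single-file branch of the next hunk (`@@ -4553,7 +4558,7 @@`), so a small static helper would keep both call sites identical.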
@@ -4553,7 +4558,7 @@ static int crtlist_load_cert_dir(char *path, struct bind_conf *bind_conf, struct
 goto end;
 }
 entry->node.key = ckchs;
- entry->ssl_conf = NULL; /* directories don't use ssl_conf */
+ LIST_ADDQ(&dir->ord_entries, &entry->by_crtlist);
 ebpt_insert(&dir->entries, &entry->node);
 ignore_entry:
@@ -4577,8 +4582,9 @@ end:
 free(entry);
 }
 free(dir);
+ } else {
+ *crtlist = dir;
 }
-
 return cfgerr;
 }
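Review bot: In the `@@ -4577,8 +4582,9 @@` hunk, `*crtlist` is written only in the new `else` branch, so on the failure path the caller's pointer keeps its previous value even though `dir` has just been freed. The caller is outside this hunk; if it does not pre-initialise that pointer, or reads it before testing the returned error bits, it works with an indeterminate or stale value. Adding `*crtlist = NULL;` right after `free(dir);` would make the failure case well defined. Failing that, the function comment should state that the out-parameter is valid only when no `ERR_FATAL` bit is returned. The condition guarding this block and the start of the function are outside the hunk.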