BUG/MEDIUM: ssl/crt-list: bundle support broken in crt-list

In issue #970 it was reported that the bundle loading does not work
anymore with crt-list.

This bug was introduced by 47da821 ("MEDIUM: ssl: emulates the
multi-cert bundles in the crtlist") which incorrectly uses "path"
instead of "crt_path" in the name resolution.

Must be backported to 2.3.
William Lallemand 2020-11-20 14:23:38 +01:00 committed by William Lallemand
parent aab1b67383
commit 86c2dd60f1


@ -447,7 +447,6 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
struct crtlist *newlist; struct crtlist *newlist;
struct crtlist_entry *entry = NULL; struct crtlist_entry *entry = NULL;
char thisline[CRT_LINESIZE]; char thisline[CRT_LINESIZE];
char path[MAXPATHLEN+1];
FILE *f; FILE *f;
struct stat buf; struct stat buf;
int linenum = 0; int linenum = 0;
@ -470,6 +469,7 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
char *end; char *end;
char *line = thisline; char *line = thisline;
char *crt_path; char *crt_path;
char path[MAXPATHLEN+1];
struct ckch_store *ckchs; struct ckch_store *ckchs;
if (missing_lf != -1) { if (missing_lf != -1) {
@ -564,7 +564,7 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
struct stat buf; struct stat buf;
int ret; int ret;
ret = snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]); ret = snprintf(fp, sizeof(fp), "%s.%s", crt_path, SSL_SOCK_KEYTYPE_NAMES[n]);
if (ret > sizeof(fp)) if (ret > sizeof(fp))
continue; continue;
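Review bot: The truncation check that follows the corrected snprintf() call in the third hunk is off by one: snprintf() returns the length excluding the terminating NUL, so a result equal to `sizeof(fp)` is already truncated yet passes `if (ret > sizeof(fp))`. A truncated name would then reach whatever lookup follows (not visible here), so a bundle path at the length limit may resolve to a different file than the one named in the crt-list. I would change the guard to `if (ret < 0 || (size_t)ret >= sizeof(fp))`, which also handles a negative return explicitly instead of relying on the signed-to-unsigned conversion. The declaration of `fp` and the rest of crtlist_parse_file lie outside the visible hunks.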