mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-08-07 07:37:02 +02:00
BUG/MEDIUM: ssl/crt-list: bundle support broken in crt-list
In issue #970 it was reported that the bundle loading does not work
anymore with crt-list.
This bug was introduced by 47da821
("MEDIUM: ssl: emulates the
multi-cert bundles in the crtlist") which incorrectly uses "path"
instead of "crt_path" in the name resolution.
Must be backported to 2.3.
This commit is contained in:
parent
aab1b67383
commit
86c2dd60f1
@ -447,7 +447,6 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
|
|||||||
struct crtlist *newlist;
|
struct crtlist *newlist;
|
||||||
struct crtlist_entry *entry = NULL;
|
struct crtlist_entry *entry = NULL;
|
||||||
char thisline[CRT_LINESIZE];
|
char thisline[CRT_LINESIZE];
|
||||||
char path[MAXPATHLEN+1];
|
|
||||||
FILE *f;
|
FILE *f;
|
||||||
struct stat buf;
|
struct stat buf;
|
||||||
int linenum = 0;
|
int linenum = 0;
|
||||||
@ -470,6 +469,7 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
|
|||||||
char *end;
|
char *end;
|
||||||
char *line = thisline;
|
char *line = thisline;
|
||||||
char *crt_path;
|
char *crt_path;
|
||||||
|
char path[MAXPATHLEN+1];
|
||||||
struct ckch_store *ckchs;
|
struct ckch_store *ckchs;
|
||||||
|
|
||||||
if (missing_lf != -1) {
|
if (missing_lf != -1) {
|
||||||
@ -564,7 +564,7 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
|
|||||||
struct stat buf;
|
struct stat buf;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
ret = snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
|
ret = snprintf(fp, sizeof(fp), "%s.%s", crt_path, SSL_SOCK_KEYTYPE_NAMES[n]);
|
||||||
if (ret > sizeof(fp))
|
if (ret > sizeof(fp))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user