mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-29 14:50:59 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: ssl/cli: don't overwrite the filters variable

Browse Source 
When a crt-list line using an already used ckch_store does not contain
filters, it will overwrite the ckchs->filters variable with 0.
This problem will generate all sni_ctx of this ckch_store without
filters. Filters generation mustn't be allowed in any case.

Must be backported in 2.1.
This commit is contained in:
William Lallemand 2019-12-04 15:33:01 +01:00 committed by William Lallemand
parent c640ef1a7d
commit 920b035238
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/ssl_sock.c
View File

@ -3858,7 +3858,7 @@ static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *c
/* at least one of the instances is using filters during the config /* at least one of the instances is using filters during the config
* parsing, that's ok to inherit this during loading on CLI */ * parsing, that's ok to inherit this during loading on CLI */
ckchs->filters = !!fcount; ckchs->filters |= !!fcount;
/* Process each ckch and update keytypes for each CN/SAN /* Process each ckch and update keytypes for each CN/SAN
* for example, if CN/SAN www.a.com is associated with * for example, if CN/SAN www.a.com is associated with
@ -4102,7 +4102,7 @@ static int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs,
/* at least one of the instances is using filters during the config /* at least one of the instances is using filters during the config
* parsing, that's ok to inherit this during loading on CLI */ * parsing, that's ok to inherit this during loading on CLI */
ckchs->filters = !!fcount; ckchs->filters |= !!fcount;
ctx = SSL_CTX_new(SSLv23_server_method()); ctx = SSL_CTX_new(SSLv23_server_method());
if (!ctx) { if (!ctx) {