From 963b2e70ba80420649a2b1e94ddc7d45a40903d8 Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Mon, 14 Oct 2019 11:38:36 +0200 Subject: [PATCH] BUG/MINOR: ssl: fix build without multi-cert bundles Commit 150bfa8 broke the build with ssl libs that does not support multi certificate bundles. Issue #322. --- src/ssl_sock.c | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 90df6e7c6..8a3e78fa3 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -9592,8 +9592,7 @@ static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx, struct list tmp_ckchi_list; BIO *mem; char *err = NULL; - char *end = NULL; - int j, i; + int i; int found = 0; int bundle = -1; int ret = 0; @@ -9690,19 +9689,28 @@ static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx, HA_RWLOCK_WRUNLOCK(CKCH_LOCK, &ckchi->bind_conf->sni_lock); } } +#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL + { + char *end = NULL; + int j; - /* check if it was also used as a bundle by removing the - * .dsa/.rsa/.ecdsa at the end of the filename */ - if (bundle >= 0) - break; - end = strrchr(args[3], '.'); - for (j = 0; *end && j < SSL_SOCK_NUM_KEYTYPES; j++) { - if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) { - bundle = j; /* keep the type of certificate so we insert it at the right place */ - *end = '\0'; /* it's a bundle let's end the string*/ + /* check if it was also used as a bundle by removing the + * .dsa/.rsa/.ecdsa at the end of the filename */ + if (bundle >= 0) break; + end = strrchr(args[3], '.'); + for (j = 0; *end && j < SSL_SOCK_NUM_KEYTYPES; j++) { + if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) { + bundle = j; /* keep the type of certificate so we insert it at the right place */ + *end = '\0'; /* it's a bundle let's end the string*/ + break; + } } } +#else + /* bundles are not supported here, so we don't need to lookup again */ + break; +#endif } if (!found) {