MINOR: ssl: Allow duplicated entries in the cafile_tree

In order to ease ca-file hot update via the CLI, the ca-file tree will
need to allow duplicate entries for a given path. This patch simply
enables it and offers a way to select either the oldest entry or the
latest entry in the tree for a given path.

src/ssl_ckch.c

@@ -923,18 +923,42 @@ struct ckch_inst *ckch_inst_new()
 
 
 /********************  ssl_store functions ******************************/
-struct eb_root cafile_tree = EB_ROOT_UNIQUE;
+struct eb_root cafile_tree = EB_ROOT;
 
-X509_STORE* ssl_store_get0_locations_file(char *path)
+/*
+ * Returns the cafile_entry found in the cafile_tree indexed by the path 'path'.
+ * If 'oldest_entry' is 1, returns the "original" cafile_entry (since
+ * during a set cafile/commit cafile cycle there might be two entries for any
+ * given path, the original one and the new one set via the CLI but not
+ * committed yet).
+ */
+static struct cafile_entry *ssl_store_get_cafile_entry(char *path, int oldest_entry)
 {
+	struct cafile_entry *ca_e = NULL;
 	struct ebmb_node *eb;
 
 	eb = ebst_lookup(&cafile_tree, path);
-	if (eb) {
+	while (eb) {
-		struct cafile_entry *ca_e;
 		ca_e = ebmb_entry(eb, struct cafile_entry, node);
-		return ca_e->ca_store;
+		/* The ebst_lookup in a tree that has duplicates returns the
+		 * oldest entry first. If we want the latest entry, we need to
+		 * iterate over all the duplicates until we find the last one
+		 * (in our case there should never be more than two entries for
+		 * any given path). */
+		if (oldest_entry)
+			return ca_e;
+		eb = ebmb_next_dup(eb);
 	}
+	return ca_e;
+}
+
+X509_STORE* ssl_store_get0_locations_file(char *path)
+{
+	struct cafile_entry *ca_e = ssl_store_get_cafile_entry(path, 0);
+
+	if (ca_e)
+		return ca_e->ca_store;
+
 	return NULL;
 }