mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-11-30 15:21:04 +01:00
MINOR: ssl: deduplicate crl-file
Loading a file for crl or ca-cert is really done with the same function in OpenSSL, via X509_STORE_load_locations. Accordingly, the deduplication of crl-file and ca-file can share the same function.
parent
129d3285a5
commit
b270e8166c
@ -364,7 +364,7 @@ static struct {
|
|||||||
} ckchs_transaction;
|
} ckchs_transaction;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* deduplicate cafile
|
* deduplicate cafile (and crlfile)
|
||||||
*/
|
*/
|
||||||
struct cafile_entry {
|
struct cafile_entry {
|
||||||
X509_STORE *ca_store;
|
X509_STORE *ca_store;
|
||||||
@ -5054,7 +5054,7 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_
|
|||||||
if (crl_file) {
|
if (crl_file) {
|
||||||
X509_STORE *store = SSL_CTX_get_cert_store(ctx);
|
X509_STORE *store = SSL_CTX_get_cert_store(ctx);
|
||||||
|
|
||||||
if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
|
if (!ssl_set_cert_crl_file(store, crl_file)) {
|
||||||
memprintf(err, "%sProxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
|
memprintf(err, "%sProxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
|
||||||
err && *err ? *err : "", curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
|
err && *err ? *err : "", curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
|
||||||
cfgerr |= ERR_ALERT | ERR_FATAL;
|
cfgerr |= ERR_ALERT | ERR_FATAL;
|
||||||
@ -5557,7 +5557,7 @@ int ssl_sock_prepare_srv_ctx(struct server *srv)
|
|||||||
if (srv->ssl_ctx.crl_file) {
|
if (srv->ssl_ctx.crl_file) {
|
||||||
X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
|
X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
|
||||||
|
|
||||||
if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
|
if (!ssl_set_cert_crl_file(store, srv->ssl_ctx.crl_file)) {
|
||||||
ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
|
ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
|
||||||
curproxy->id, srv->id,
|
curproxy->id, srv->id,
|
||||||
srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
|
srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
|
||||||
@ -8616,6 +8616,10 @@ static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, s
|
|||||||
else
|
else
|
||||||
memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
|
memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
|
||||||
|
|
||||||
|
if (!ssl_store_load_locations_file(conf->crl_file)) {
|
||||||
|
memprintf(err, "'%s' : unable to load %s", args[cur_arg], conf->crl_file);
|
||||||
|
return ERR_ALERT | ERR_FATAL;
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@ -9336,6 +9340,10 @@ static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struc
|
|||||||
else
|
else
|
||||||
memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
|
memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
|
||||||
|
|
||||||
|
if (!ssl_store_load_locations_file(newsrv->ssl_ctx.crl_file)) {
|
||||||
|
memprintf(err, "'%s' : unable to load %s", args[*cur_arg], newsrv->ssl_ctx.crl_file);
|
||||||
|
return ERR_ALERT | ERR_FATAL;
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|||||||
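Review bot: The explicit `!store` guard is gone from both CRL call sites (in ssl_sock_prepare_ctx and ssl_sock_prepare_srv_ctx), so a NULL result from SSL_CTX_get_cert_store() is now handed straight to ssl_set_cert_crl_file(), whose body is not part of this diff. Unless that helper rejects a NULL store itself, the guard should stay at the call site, e.g. `if (!store || !ssl_set_cert_crl_file(store, crl_file)) {`. It is also worth confirming that the helper reports failure when the cached entry for the path is missing or contains no CRL, since a success return with nothing copied would presumably surface a broken crl-file only at handshake time instead of at startup; a short comment above the helper stating its return contract would settle both questions. Both enclosing functions start and end outside the hunks shown.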