mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-30 18:21:24 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: ssl/cli: disallow SSL options for directory in 'add ssl crt-list'

Browse Source 
Allowing the use of SSL options and filters when adding a file in a
directory is not really consistent with the reload of HAProxy. Disable
the ability to use these options if one try to use them with a directory.
This commit is contained in:
William Lallemand 2020-04-21 16:54:19 +02:00 committed by William Lallemand
parent 56e3120f9e
commit b74d564043
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/ssl_sock.c
View File

@ -11445,6 +11445,12 @@ static int cli_parse_add_crtlist(char **args, char *payload, struct appctx *appc
goto error; goto error;
} }
/* this is supposed to be a directory (EB_ROOT_UNIQUE), so no ssl_conf are allowed */
if ((entry->ssl_conf || entry->filters) && eb_gettag(crtlist->entries.b[EB_RGHT])) {
memprintf(&err, "this is a directory, SSL configuration and filters are not allowed");
goto error;
}
LIST_ADDQ(&crtlist->ord_entries, &entry->by_crtlist); LIST_ADDQ(&crtlist->ord_entries, &entry->by_crtlist);
entry->crtlist = crtlist; entry->crtlist = crtlist;
LIST_ADDQ(&store->crtlist_entry, &entry->by_ckch_store); LIST_ADDQ(&store->crtlist_entry, &entry->by_ckch_store);