BUG/MINOR: ssl: TLS Ticket Key rotation broken via socket command

It seems haproxy was doing wrong pointer arithmetic to update the ticket ring correctly.
2025-08-07 23:56:57 +02:00 · 2015-08-20 18:25:17 +05:30 · 2015-08-20 18:25:17 +05:30 · cc79b003cb
commit cc79b003cb
parent d8e42b6b3a
2 changed files with 4 additions and 4 deletions
--- a/src/dumpstats.c
+++ b/src/dumpstats.c
@ -1933,8 +1933,8 @@ static int stats_sock_parse_request(struct stream_interface *si, char *line)
 					return 1;
 				}

-				memcpy(appctx->ctx.tlskeys.ref->tlskeys + 2 % TLS_TICKETS_NO, trash.str, trash.len);
-				appctx->ctx.tlskeys.ref->tls_ticket_enc_index = appctx->ctx.tlskeys.ref->tls_ticket_enc_index + 1 % TLS_TICKETS_NO;
+				memcpy(appctx->ctx.tlskeys.ref->tlskeys + ((appctx->ctx.tlskeys.ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO), trash.str, trash.len);
+				appctx->ctx.tlskeys.ref->tls_ticket_enc_index = (appctx->ctx.tlskeys.ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;

 				appctx->ctx.cli.msg = "TLS ticket key updated!";
 				appctx->st0 = STAT_CLI_PRINT;
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -500,8 +500,8 @@ int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err) {
 		return 1;
 	}

-	memcpy((char *) (ref->tlskeys + 2 % TLS_TICKETS_NO), tlskey->str, tlskey->len);
-	ref->tls_ticket_enc_index = ref->tls_ticket_enc_index + 1 % TLS_TICKETS_NO;
+	memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)), tlskey->str, tlskey->len);
+	ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;

 	return 0;
 }