From d85227fca20a5c793857c1632283ef4a2120285a Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.org>
Date: Tue, 7 Feb 2023 17:06:35 +0100
Subject: [PATCH] BUG/MINOR: ssl/crt-list: warn when a line is malformated

Display a warning when some text exists between the filename and the
options. This part is completely ignored so if there are filters here,
they were never parsed.

This could be backported in every versions. In the older versions, the
parsing was done in ssl_sock_load_cert_list_file() in ssl_sock.c.
---
 src/ssl_crtlist.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index 825f38047..31428d63b 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -403,6 +403,11 @@ int crtlist_parse_line(char *line, char **crt_path, struct crtlist_entry *entry,
 	*crt_path = args[0];
 
 	if (ssl_b) {
+		if (ssl_b > 1) {
+			memprintf(err, "parsing [%s:%d]: malformated line, filters can't be between filename and options!", file, linenum);
+			cfgerr |= ERR_WARN;
+		}
+
 		ssl_conf = calloc(1, sizeof *ssl_conf);
 		if (!ssl_conf) {
 			memprintf(err, "not enough memory!");