MINOR: ssl: ignore dotfiles when loading a dir w/ ca-file

Ignore the files starting with a dot when trying to load a directory
with the "ca-file directive".

doc/configuration.txt

@@ -13764,7 +13764,7 @@ ca-file <cafile>
   designates a PEM file from which to load CA certificates used to verify
   client's certificate. It is possible to load a directory containing multiple
   CAs, in this case HAProxy will try to load every ".pem", ".crt", ".cer", and
-  .crl" available in the directory.
+  .crl" available in the directory, files starting with a dot are ignored.
 
 ca-ignore-err [all|<errorID>,...]
   This setting is only available when support for OpenSSL was built in.
@@ -14552,7 +14552,7 @@ ca-file <cafile>
   designates a PEM file from which to load CA certificates used to verify
   server's certificate. It is possible to load a directory containing multiple
   CAs, in this case HAProxy will try to load every ".pem", ".crt", ".cer", and
-  .crl" available in the directory.
+  .crl" available in the directory, files starting with a dot are ignored.
 
   In order to use the trusted CAs of your system, the "@system-ca" parameter
   could be used in place of the cafile. The location of this directory could be

src/ssl_ckch.c

@@ -1216,10 +1216,12 @@ int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_ty
 				 * been loaded in an hashed directory loaded by
 				 * X509_LOOKUP_hash_dir, so according to "man 1
 				 * c_rehash", we should load  ".pem", ".crt",
-				 * ".cer", or ".crl"
+				 * ".cer", or ".crl". Files starting with a dot
+				 * are ignored.
 				 */
 				end = strrchr(de->d_name, '.');
-				if (!end || (strcmp(end, ".pem") != 0 &&
+				if (!end || de->d_name[0] == '.' ||
+				    (strcmp(end, ".pem") != 0 &&
 				     strcmp(end, ".crt") != 0 &&
 				     strcmp(end, ".cer") != 0 &&
 				     strcmp(end, ".crl") != 0)) {