BUG/MINOR: ssl/cli: error when the ca-file is empty

"set ssl ca-file" does not return any error when a ca-file is empty or
only contains comments. This could be a problem if the file was
malformatted and did not contain any PEM header.

It must be backported as far as 2.5.
William Lallemand 2022-08-18 15:53:02 +02:00
parent 86a53c5669
commit ec7eb59d20

@ -1140,7 +1140,8 @@ int ssl_store_load_ca_from_buf(struct cafile_entry *ca_e, char *cert_buf)
retval = !X509_STORE_add_crl(ca_e->ca_store, info->crl);
}
}
retval = retval || (i != sk_X509_INFO_num(infos));
/* return an error if we didn't compute all the X509_INFO or if there was none */
retval = retval || (i != sk_X509_INFO_num(infos)) || ( sk_X509_INFO_num(infos) == 0);
/* Cleanup */
sk_X509_INFO_pop_free(infos, X509_INFO_free);
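Review bot: in the new `retval` expression, the empty case `( sk_X509_INFO_num(infos) == 0)` is folded into the same nonzero return as a partially processed file, and the signature `int ssl_store_load_ca_from_buf(struct cafile_entry *ca_e, char *cert_buf)` has no error-message argument, so the caller behind "set ssl ca-file" cannot tell the operator whether the payload was empty or only partly loaded. Consider reporting the no-PEM-object case distinctly, either through a separate return code or a message set by the caller. Minor: `sk_X509_INFO_num(infos)` is now evaluated twice on one line and there is a stray space after the opening parenthesis; keeping the count in a local variable would tidy both. Since this is to be backported as far as 2.5, a regression test that sends an empty payload and a comment-only payload would pin the new behaviour.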