From ff3a41eb3f990ee1cc25a5fa961fe8e490254d0c Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Thu, 23 Nov 2017 09:13:32 +0100 Subject: [PATCH] BUG/MINOR: Use crt_base instead of ca_base when crt is parsed on a server line In srv_parse_crt, crt_base was checked but ca_base was used to build the certifacte path. This patch must be backported in 1.7, 1.6 and 1.5. --- src/ssl_sock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 24bb36877..0fca243d2 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -7714,7 +7714,7 @@ static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct ser } if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base) - memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]); + memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]); else memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);