mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-10-27 22:51:02 +01:00
fb00f31af4
If an unknown CA file was first mentioned in an "add ssl crt-list" CLI command, it would result in a call to X509_STORE_load_locations which performs a disk access which is forbidden during runtime. The same would happen if a "ca-verify-file" or "crl-file" was specified. This was due to the fact that the crt-list file parsing and the crt-list related CLI commands parsing use the same functions. The patch simply adds a new parameter to all the ssl_bind parsing functions so that they know if the call is made during init or by the CLI, and the ssl_store_load_locations function can then reject any new cafile_entry creation coming from a CLI call. It can be backported as far as 2.2.
File list: - common.pem: PEM file which may be used by most of the VTC files.