BUG/MINOR: ssl: load correctly @system-ca when ca-base is define

The configuration parser still adds the 'ca-base' directory when loading
the @system-ca, preventing it to be loaded correctly.

This patch fixes the problem by not adding the ca-base when a file
starts by '@'.

Fix issue #2313.

Must be backported as far as 2.6.

diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 28fb051..5666336 100644 (file)
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -674,7 +674,7 @@ static int ssl_bind_parse_ca_file_common(char **args, int cur_arg, char **ca_fil
                return ERR_ALERT | ERR_FATAL;
        }
 
-       if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
+       if ((*args[cur_arg + 1] != '/') && (*args[cur_arg + 1] != '@') && global_ssl.ca_base)
                memprintf(ca_file_p, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
        else
                memprintf(ca_file_p, "%s", args[cur_arg + 1]);
@@ -714,7 +714,7 @@ static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, s
                return ERR_ALERT | ERR_FATAL;
        }
 
-       if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
+       if ((*args[cur_arg + 1] != '/') && (*args[cur_arg + 1] != '@') && global_ssl.ca_base)
                memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
        else
                memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
@@ -824,7 +824,7 @@ static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, s
                return ERR_ALERT | ERR_FATAL;
        }
 
-       if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
+       if ((*args[cur_arg + 1] != '/') && (*args[cur_arg + 1] != '@') && global_ssl.ca_base)
                memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
        else
                memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
@@ -1610,7 +1610,7 @@ static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct
                return ERR_ALERT | ERR_FATAL;
        }
 
-       if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
+       if ((*args[*cur_arg + 1] != '/') && (*args[*cur_arg + 1] != '@') && global_ssl.ca_base)
                memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
        else
                memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
@@ -1782,7 +1782,7 @@ static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struc
                return ERR_ALERT | ERR_FATAL;
        }
 
-       if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
+       if ((*args[*cur_arg + 1] != '/') && (*args[*cur_arg + 1] != '@') && global_ssl.ca_base)
                memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
        else
                memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);