From 38c999b11c57eb1aa5ad958eb4c8d87b4995da76 Mon Sep 17 00:00:00 2001
From: Remi Tricot-Le Breton
Date: Tue, 23 Feb 2021 16:28:43 +0100
Subject: [PATCH] MINOR: ssl: Add helper function to add cafile entries
Adds a way to insert a new uncommitted cafile_entry in the tree. This entry will be the one fetched by any lookup in the tree unless the oldest cafile_entry is explicitely looked for. This way, until a "commit ssl ca-file" command is completed, there could be two cafile_entries with the same path in the tree, the original one and the newly updated one.
---
 include/haproxy/ssl_ckch.h | 1 +
 src/ssl_ckch.c | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/include/haproxy/ssl_ckch.h b/include/haproxy/ssl_ckch.h
index dd68662..54c3c94 100644
--- a/include/haproxy/ssl_ckch.h
+++ b/include/haproxy/ssl_ckch.h
@@ -59,6 +59,7 @@ void ckch_inst_add_cafile_link(struct ckch_inst *ckch_inst, struct bind_conf *bi
 /* ssl_store functions */
 struct cafile_entry *ssl_store_get_cafile_entry(char *path, int oldest_entry);
 X509_STORE* ssl_store_get0_locations_file(char *path);
+int ssl_store_add_uncommitted_cafile_entry(struct cafile_entry *entry);
 struct cafile_entry *ssl_store_create_cafile_entry(char *path, X509_STORE *store);
 void ssl_store_delete_cafile_entry(struct cafile_entry *ca_e);
 int ssl_store_load_ca_from_buf(struct cafile_entry *ca_e, char *cert_buf);
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 10123b4..3664ae6 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -961,6 +961,11 @@ struct cafile_entry *ssl_store_get_cafile_entry(char *path, int oldest_entry)
 return ca_e;
 }
+int ssl_store_add_uncommitted_cafile_entry(struct cafile_entry *entry)
+{
+ return (ebst_insert(&cafile_tree, &entry->node) != &entry->node);
+}
+
 X509_STORE* ssl_store_get0_locations_file(char *path)
 {
 struct cafile_entry *ca_e = ssl_store_get_cafile_entry(path, 0);
--
1.7.10.4
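Review bot: ssl_store_add_uncommitted_cafile_entry() in the src/ssl_ckch.c hunk has no comment, and its return convention is easy to misread: it yields non-zero when ebst_insert() hands back a node other than `&entry->node`, which presumably means the insert was refused, and 0 otherwise. A header comment such as `/* Insert <entry> in cafile_tree as the uncommitted version of its path. Returns 0 on success, non-zero if the node was not inserted. */` would pin that down for callers; the new prototype in include/haproxy/ssl_ckch.h carries none either. The comment should also record the visibility consequence stated in the commit message, because from the moment of insertion a default lookup returns this entry rather than the committed one. The context line of ssl_store_get0_locations_file() shows it looking up with `oldest_entry` set to 0, so any caller that builds a verification store through it before "commit ssl ca-file" completes would presumably receive the uncommitted trust anchors, and should ask for the oldest entry instead. That function's body continues outside the hunk and the declaration of cafile_tree is not visible, so both points are inferred from the lines shown.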