From 463b5242985f01d0d162b6eb74c9ca0da728f3e1 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 8 Apr 2020 10:30:44 +0200
Subject: [PATCH] BUG/MINOR: ssl/cli: lock the ckch structures during crt-list
 delete

The cli_parse_del_crtlist() does unlock the ckch big lock, but it does
not lock it at the beginning of the function which is dangerous.
As a side effect it let the structures locked once it called the unlock.

This bug was introduced by 0a9b941 ("MINOR: ssl/cli: 'del ssl crt-list'
delete an entry")
---
 src/ssl_sock.c |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index b167045..e916605 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -11512,6 +11512,9 @@ static int cli_parse_del_crtlist(char **args, char *payload, struct appctx *appc
 	if (!*args[3] || !*args[4])
 		return cli_err(appctx, "'del ssl crtlist' expects a filename and a certificate name\n");
 
+	if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
+		return cli_err(appctx, "Can't delete!\nOperations on certificates are currently locked!\n");
+
 	crtlist_path = args[3];
 	cert_path = args[4];
 
-- 
1.7.10.4