projects / haproxy-2.3.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1945529) | patch
BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store
authorWilliam Lallemand <wlallemand@haproxy.org>
Mon, 1 Feb 2021 14:31:00 +0000 (15:31 +0100)
committerWilly Tarreau <w@1wt.eu>
Thu, 4 Feb 2021 16:32:44 +0000 (17:32 +0100)
commit3d6ebec8d3a957e191b70b67fe9682cb79c107c4
treee851db6ca97554886d115ed1b600d9d02c40b68etree | snapshot
parent1945529933f00a37383990035d7257020efef520commit | diff
BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store

The "abort ssl cert" command is buggy and removes the current ckch store,
and instances, leading to SNI removal. It must only removes the new one.

This patch also adds a check in set_ssl_cert.vtc and
set_ssl_server_cert.vtc.

Must be backported as far as 2.2.

(cherry picked from commit 8695ce0bae21238eba660438c819797a245be71e)
[wt: dropped reg-tests/ssl/set_ssl_server_cert.vtc]
Signed-off-by: Willy Tarreau <w@1wt.eu>
reg-tests/ssl/set_ssl_cert.vtc diff | blob | history
src/ssl_ckch.c diff | blob | history
haproxy-2.3 public tree. Stable production code.