BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA)

This bugfix is the same as the following one:
    "BUG/MINOR: ssl_ckch: Wrong OCSP CID after modifying an SSL certficate"
where the OCSP CID had to be reset when updating a certificate.

Must be backported to 2.8.

(cherry picked from commit 917f7c74d3d30a3f7ac77fd6ea69cfcd529e53a9)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

diff --git a/src/hlua.c b/src/hlua.c
index 2b4a983..8902157 100644 (file)
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -12911,6 +12911,13 @@ __LJMP static int hlua_ckch_set(lua_State *L)
                        goto end;
                }
 
+               /* Reset the OCSP CID */
+               if (cert_ext->type == CERT_TYPE_PEM || cert_ext->type == CERT_TYPE_KEY ||
+                   cert_ext->type == CERT_TYPE_ISSUER) {
+                       OCSP_CERTID_free(new_ckchs->data->ocsp_cid);
+                       new_ckchs->data->ocsp_cid = NULL;
+               }
+
                /* apply the change on the duplicate */
                if (cert_ext->load(filename, payload, data, &err) != 0) {
                        memprintf(&err, "%sCan't load the payload for '%s'", err ? err : "", cert_ext->ext);