BUG/MEDIUM: ssl: crt-list must continue parsing on ERR_WARN

The original crt-list parsing was stopping at any non-zero value in
the cfgerr variable, even warnings.

This is an issue as it could lead to a crt-list parsing stopped at the
first warning, then HAProxy launched with a partial crt-list.

A ERR_WARN must continue the parsing. The parsing must be only
stopped on an ERR_CODE.

This commit is 2.1 only since it was fixed
in 2.2 by commit 2954c47 ("MEDIUM: ssl: allow crt-list caching")
and accidently in 2.0 by commit b131c87 ("CLEANUP: ssl: make
ssl_sock_load_cert*() return real error codes") as well as in 1.9 and
1.8.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index adf06dd..574cd15 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4364,7 +4364,7 @@ int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct
                        }
                        line++;
                }
-               if (cfgerr)
+               if (cfgerr & ERR_CODE)
                        break;
                args[arg++] = line;
 
@@ -4409,7 +4409,7 @@ int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct
                        }
                }
 
-               if (cfgerr) {
+               if (cfgerr & ERR_CODE) {
                        ssl_sock_free_ssl_conf(ssl_conf);
                        free(ssl_conf);
                        ssl_conf = NULL;
@@ -4428,7 +4428,7 @@ int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct
                else
                        cfgerr |= ssl_sock_load_ckchs(crt_path, ckchs, bind_conf, ssl_conf, &args[cur_arg], arg - cur_arg - 1, err);
 
-               if (cfgerr) {
+               if (cfgerr & ERR_CODE) {
                        memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
                        break;
                }