BUG/MINOR: ssl/crt-list: load bundle in crt-list only if activated

author William Lallemand <wlallemand@haproxy.org>

Fri, 20 Nov 2020 17:23:40 +0000 (18:23 +0100)

committer Christopher Faulet <cfaulet@haproxy.com>

Tue, 24 Nov 2020 13:39:43 +0000 (14:39 +0100)
author William Lallemand <wlallemand@haproxy.org>
Fri, 20 Nov 2020 17:23:40 +0000 (18:23 +0100)
committer Christopher Faulet <cfaulet@haproxy.com>
Tue, 24 Nov 2020 13:39:43 +0000 (14:39 +0100)
diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c

index ac2d849..8e9e5a1 100644 (file)
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -550,7 +550,7 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
                                 LIST_ADDQ(&newlist->ord_entries, &entry->by_crtlist);
                                 LIST_ADDQ(&ckchs->crtlist_entry, &entry->by_ckch_store);
  
-                       } else {
+                       } else if (global_ssl.extra_files & SSL_GF_BUNDLE) {
                                 /* If we didn't find the file, this could be a
                                 bundle, since 2.3 we don't support multiple
                                 certificate in the same OpenSSL store, so we
author	William Lallemand <wlallemand@haproxy.org>
	Fri, 20 Nov 2020 17:23:40 +0000 (18:23 +0100)
committer	Christopher Faulet <cfaulet@haproxy.com>
	Tue, 24 Nov 2020 13:39:43 +0000 (14:39 +0100)