BUG/MEDIUM: ssl/crt-list: bundle support broken in crt-list
author William Lallemand <wlallemand@haproxy.com>
Fri, 20 Nov 2020 13:23:38 +0000 (14:23 +0100)
committer Christopher Faulet <cfaulet@haproxy.com>
Tue, 24 Nov 2020 13:39:12 +0000 (14:39 +0100)
In issue #970 it was reported that the bundle loading does not work
anymore with crt-list.

This bug was introduced by 47da821 ("MEDIUM: ssl: emulates the
multi-cert bundles in the crtlist") which incorrectly uses "path"
instead of "crt_path" in the name resolution.

Must be backported to 2.3.

(cherry picked from commit 86c2dd60f1a0b8332a6ffc6e95dca27470fe44f7)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

src/ssl_crtlist.c

index 5f5942b..ac2d849 100644 (file)
@@ -447,7 +447,6 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
        struct crtlist *newlist;
        struct crtlist_entry *entry = NULL;
        char thisline[CRT_LINESIZE];
-       char path[MAXPATHLEN+1];
        FILE *f;
        struct stat buf;
        int linenum = 0;
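
Review bot: The removal of the function-scope `char path[MAXPATHLEN+1];` is not mentioned in the commit message, which only describes the `path` / `crt_path` mix-up. Since this is marked for backport to 2.3, add one sentence saying that the buffer is moved into the loop body and why, so that someone resolving a backport conflict knows the move is intentional and not required for the functional fix.
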
@@ -470,6 +469,7 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
                char *end;
                char *line = thisline;
                char *crt_path;
+               char path[MAXPATHLEN+1];
                struct ckch_store *ckchs;
 
                if (missing_lf != -1) {
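
Review bot: `char path[MAXPATHLEN+1];` now sits directly under `char *crt_path;` with nothing to say how the two differ, and confusing these two names is exactly the bug the commit message describes. A short comment on each declaration, or a more specific name for the buffer, would make the next mix-up less likely. With the buffer now scoped to one loop iteration its contents are indeterminate at the top of each pass, so please confirm that every use in the loop body writes `path` before reading it.
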
@@ -564,7 +564,7 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
                                        struct stat buf;
                                        int ret;
 
-                                       ret = snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
+                                       ret = snprintf(fp, sizeof(fp), "%s.%s", crt_path, SSL_SOCK_KEYTYPE_NAMES[n]);
                                        if (ret > sizeof(fp))
                                                continue;
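
Review bot: The truncation check on the line after the changed `snprintf`, `if (ret > sizeof(fp))`, lets `ret == sizeof(fp)` through. `snprintf` returns the length it would have written without the terminating NUL, so that value already means the name was cut by one byte and the subsequent lookup would use a truncated file name. Use `ret >= sizeof(fp)`, and test `ret < 0` explicitly instead of relying on the `int` to `size_t` conversion in the comparison. Separately, the `struct stat buf;` declared in this block shadows the function-scope `struct stat buf;` visible in the first hunk; a distinct name would avoid confusion.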