From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Wed, 7 Feb 2024 15:38:40 +0000 (+0100)
Subject: BUG/MINOR: ssl: Duplicate ocsp update mode when dup'ing ckch
X-Git-Tag: v2.9.5~35
X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=58c3469;p=haproxy-2.9.git

BUG/MINOR: ssl: Duplicate ocsp update mode when dup'ing ckch

When calling ckchs_dup (during a "set ssl cert" CLI command), if the
modified store had OCSP auto update enabled then the new certificate
would not keep the previous update mode and would not appear in the auto
update list.

This patch can be backported to 2.8.

(cherry picked from commit 1fda0a52029ba5fe5ea4e31da7a71ba94b217170)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
---

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index db31602..f442404 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -793,6 +793,8 @@ struct ckch_data *ssl_sock_copy_cert_key_and_chain(struct ckch_data *src,
 
 	dst->ocsp_cid = OCSP_CERTID_dup(src->ocsp_cid);
 
+	dst->ocsp_update_mode = src->ocsp_update_mode;
+
 	return dst;
 
 error: