From d33241508bfa744c58055c30c8792f40a0557979 Mon Sep 17 00:00:00 2001
From: William Lallemand
Date: Fri, 20 Nov 2020 14:23:38 +0100
Subject: [PATCH] BUG/MEDIUM: ssl/crt-list: bundle support broken in crt-list
In issue #970 it was reported that the bundle loading does not work anymore with crt-list. This bug was introduced by 47da821 ("MEDIUM: ssl: emulates the multi-cert bundles in the crtlist") which incorrectly uses "path" instead of "crt_path" in the name resolution. Must be backported to 2.3.
(cherry picked from commit 86c2dd60f1a0b8332a6ffc6e95dca27470fe44f7)
Signed-off-by: Christopher Faulet
---
 src/ssl_crtlist.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index 5f5942b..ac2d849 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -447,7 +447,6 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
 struct crtlist *newlist;
 struct crtlist_entry *entry = NULL;
 char thisline[CRT_LINESIZE];
- char path[MAXPATHLEN+1];
 FILE *f;
 struct stat buf;
 int linenum = 0;
@@ -470,6 +469,7 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
 char *end;
 char *line = thisline;
 char *crt_path;
+ char path[MAXPATHLEN+1];
 struct ckch_store *ckchs;
 if (missing_lf != -1) {
@@ -564,7 +564,7 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
 struct stat buf;
 int ret;
- ret = snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
+ ret = snprintf(fp, sizeof(fp), "%s.%s", crt_path, SSL_SOCK_KEYTYPE_NAMES[n]);
 if (ret > sizeof(fp))
 continue;
--
1.7.10.4
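Review bot: The truncation guard that follows the changed snprintf() in the third hunk, `if (ret > sizeof(fp))`, still accepts ret == sizeof(fp), a case in which the bundle file name has already lost its last character, so a truncated certificate path can reach the code that follows. snprintf() returns the length without the terminating NUL, so truncation is `ret >= size`; the guard should read `if (ret < 0 || (size_t)ret >= sizeof(fp))`, which also makes the error return explicit instead of relying on the signed-to-unsigned conversion to reject it. This line is unchanged context rather than part of the fix, and fp is declared outside the hunk (assumed here to be a char array, so that sizeof gives its capacity). The body of crtlist_parse_file starts and ends outside the hunks shown.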