commit 0dfae6c315f7e14b1d056f7e11ce5b363f7c1ee7
author William Lallemand <wlallemand@haproxy.com> Wed Oct 16 18:06:58 2019 +0200
committer William Lallemand <wlallemand@haproxy.org> Wed Oct 23 11:54:51 2019 +0200
tree a19ac355ad6ae18ce57b9d1b77b75239432f3e9a
parent 3b5f360744a6b88aa8a0c582a90d894b9a8f7544

MINOR: ssl: load sctl from buf OR from a file

The ssl_sock_load_sctl_from_file() function was modified to
fill directly a struct cert_key_and_chain.

The function prototype was normalized in order to be used with the CLI
payload parser.

This function either read  text from a buffer or read a file on the
filesystem.

It fills the ocsp_response buffer of the struct cert_key_and_chain.

src/ssl_sock.c

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index cfa910b..a10a357 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1386,44 +1386,57 @@
 	return ret;
 }
 
-static int ssl_sock_load_sctl_from_file(const char *sctl_path,
-					struct buffer **sctl)
+/* Try to load a sctl from a buffer <buf> if not NULL, or read the file <sctl_path>
+ * It fills the ckch->sctl buffer
+ * return 0 on success or != 0 on failure */
+static int ssl_sock_load_sctl_from_file(const char *sctl_path, char *buf, struct cert_key_and_chain *ckch, char **err)
 {
 	int fd = -1;
 	int r = 0;
 	int ret = 1;
+	struct buffer tmp;
+	struct buffer *src;
+	struct buffer *sctl;
 
-	*sctl = NULL;
-
-	fd = open(sctl_path, O_RDONLY);
-	if (fd == -1)
-		goto end;
-
-	trash.data = 0;
-	while (trash.data < trash.size) {
-		r = read(fd, trash.area + trash.data, trash.size - trash.data);
-		if (r < 0) {
-			if (errno == EINTR)
-				continue;
-
+	if (buf) {
+		tmp.area = buf;
+		tmp.data = strlen(buf);
+		tmp.size = tmp.data + 1;
+		src = &tmp;
+	} else {
+		fd = open(sctl_path, O_RDONLY);
+		if (fd == -1)
 			goto end;
-		}
-		else if (r == 0) {
-			break;
+
+		trash.data = 0;
+		while (trash.data < trash.size) {
+			r = read(fd, trash.area + trash.data, trash.size - trash.data);
+			if (r < 0) {
+				if (errno == EINTR)
+					continue;
+				goto end;
+			}
+			else if (r == 0) {
+				break;
+			}
+			trash.data += r;
 		}
-		trash.data += r;
+		src = &trash;
 	}
 
-	ret = ssl_sock_parse_sctl(&trash);
+	ret = ssl_sock_parse_sctl(src);
 	if (ret)
 		goto end;
 
-	*sctl = calloc(1, sizeof(**sctl));
-	if (!chunk_dup(*sctl, &trash)) {
-		free(*sctl);
-		*sctl = NULL;
+	sctl = calloc(1, sizeof(*sctl));
+	if (!chunk_dup(sctl, src)) {
+		free(sctl);
+		sctl = NULL;
 		goto end;
 	}
+	ret = 0;
+	/* TODO: free the previous SCTL in the ckch */
+	ckch->sctl = sctl;
 
 end:
 	if (fd != -1)
@@ -3035,7 +3048,7 @@
 
 		snprintf(fp, MAXPATHLEN+1, "%s.sctl", path);
 		if (stat(fp, &st) == 0) {
-			if (ssl_sock_load_sctl_from_file(fp, &ckch->sctl)) {
+			if (ssl_sock_load_sctl_from_file(fp, NULL, ckch, err)) {
 				memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
 					  *err ? *err : "", fp);
 				ret = 1;