MINOR: ssl: Added multi cert support for crt-list config keyword Added support for loading mutiple certs into shared contexts when they are specified in a crt-list Note that it's not practical to support SNI filters with multicerts, so any SNI filters that's provided to the crt-list is ignored if a multi-cert opertion is used.

commit: 1b04e5b0e0ced15345f5451ca417b9ef08f422a0 [log] [tgz]
author: yanbzhu <yanbzhu@cisco.com> Wed Dec 02 13:54:14 2015 -0500
committer: Willy Tarreau <w@1wt.eu> Mon Dec 14 11:22:29 2015 +0100
tree: c5408e7d0a6a5fbabb2c0f2cfcf995c59b401737
parent: 08ce6ab0c9fdad9cca599984b94cb58e63191116 [diff]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 5226a49..d058e4f 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -2283,6 +2283,7 @@
 {
 	char thisline[LINESIZE];
 	FILE *f;
+	struct stat buf;
 	int linenum = 0;
 	int cfgerr = 0;
 
@@ -2341,7 +2342,12 @@
 		if (!arg)
 			continue;
 
-		cfgerr = ssl_sock_load_cert_file(args[0], bind_conf, curproxy, &args[1], arg-1, err);
+		if (stat(args[0], &buf) == 0) {
+			cfgerr = ssl_sock_load_cert_file(args[0], bind_conf, curproxy, &args[1], arg-1, err);
+		} else {
+			cfgerr = ssl_sock_load_multi_cert(args[0], bind_conf, curproxy, NULL, err);
+		}
+
 		if (cfgerr) {
 			memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
 			break;
commit	1b04e5b0e0ced15345f5451ca417b9ef08f422a0	[log] [tgz]
author	yanbzhu <yanbzhu@cisco.com>	Wed Dec 02 13:54:14 2015 -0500
committer	Willy Tarreau <w@1wt.eu>	Mon Dec 14 11:22:29 2015 +0100
tree	c5408e7d0a6a5fbabb2c0f2cfcf995c59b401737
parent	08ce6ab0c9fdad9cca599984b94cb58e63191116 [diff]