MEDIUM: ssl: ignored file names ending as '.issuer' or '.ocsp'.
We don't want to load these files found in directories specified in "crt" or
"crt-list".
These suffixes are reserved for OCSP stapling.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 8fb8b5f..2bbad17 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -868,6 +868,10 @@
*end = 0;
while ((de = readdir(dir))) {
+ end = strrchr(de->d_name, '.');
+ if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp")))
+ continue;
+
snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
if (stat(fp, &buf) != 0) {
memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",