MEDIUM: ssl: ignored file names ending as '.issuer' or '.ocsp'. We don't want to load these files found in directories specified in "crt" or "crt-list". These suffixes are reserved for OCSP stapling.

commit: 2aab722dc14e2d5c1fd8369dc96bc8f73d737438 [log] [tgz]
author: Emeric Brun <ebrun@haproxy.com> Wed Jun 18 18:15:09 2014 +0200
committer: Willy Tarreau <w@1wt.eu> Wed Jun 18 18:24:55 2014 +0200
tree: ec36c2f76a1b985995494964238bda352ef2739a
parent: 26202760a43fbfc5b74218951a7379b70e6f5d4c [diff]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 8fb8b5f..2bbad17 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -868,6 +868,10 @@
 		*end = 0;
 
 	while ((de = readdir(dir))) {
+		end = strrchr(de->d_name, '.');
+		if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp")))
+			continue;
+
 		snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
 		if (stat(fp, &buf) != 0) {
 			memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
commit	2aab722dc14e2d5c1fd8369dc96bc8f73d737438	[log] [tgz]
author	Emeric Brun <ebrun@haproxy.com>	Wed Jun 18 18:15:09 2014 +0200
committer	Willy Tarreau <w@1wt.eu>	Wed Jun 18 18:24:55 2014 +0200
tree	ec36c2f76a1b985995494964238bda352ef2739a
parent	26202760a43fbfc5b74218951a7379b70e6f5d4c [diff]