BUG/MINOR: ssl: Fix OCSP_CERTID leak when same certificate is used multiple times If a given certificate is used multiple times in a configuration, the ocsp_cid field would have been overwritten during each ssl_sock_load_ocsp call even if it was previously filled. This patch does not need to be backported.

commit: 2d1daa8095023dde8738ed4d8b62bc5ad436a8bb [log] [tgz]
author: Remi Tricot-Le Breton <rlebreton@haproxy.com> Mon Jan 09 12:02:47 2023 +0100
committer: William Lallemand <wlallemand@haproxy.org> Mon Jan 09 15:43:41 2023 +0100
tree: c2fc9dab0852a066992bec697d14988c1bebce2e
parent: fc92b8bda549632985f9d861165975290cfa7791 [diff]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index efa31ea..18d006f 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -1150,7 +1150,8 @@
 	if (!issuer)
 		goto out;
 
-	data->ocsp_cid = OCSP_cert_to_id(0, x, issuer);
+	if (!data->ocsp_cid)
+		data->ocsp_cid = OCSP_cert_to_id(0, x, issuer);
 	if (!data->ocsp_cid)
 		goto out;
commit	2d1daa8095023dde8738ed4d8b62bc5ad436a8bb	[log] [tgz]
author	Remi Tricot-Le Breton <rlebreton@haproxy.com>	Mon Jan 09 12:02:47 2023 +0100
committer	William Lallemand <wlallemand@haproxy.org>	Mon Jan 09 15:43:41 2023 +0100
tree	c2fc9dab0852a066992bec697d14988c1bebce2e
parent	fc92b8bda549632985f9d861165975290cfa7791 [diff]