Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 31d463d815d4b40c4502c8bbd62f637c0e0c12db
commit31d463d815d4b40c4502c8bbd62f637c0e0c12db[log] [tgz]
authorWilliam Lallemand <wlallemand@haproxy.org>Mon Jun 20 16:51:53 2022 +0200
committerChristopher Faulet <cfaulet@haproxy.com>Thu Jul 21 17:13:55 2022 +0200
treed04cf5ed85ae43b2348c91907569db18cf49f6a1
parent398f2b356267f0df44206aef9a5317e3f640cb56 [diff]
BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list

The crash occures when the same certificate which is used on both a
server line and a bind line is inserted in a crt-list over the CLI.

This is quite uncommon as using the same file for a client and a server
certificate does not make sense in a lot of environments.

This patch fixes the issue by skipping the insertion of the SNI when no
bind_conf is available in the ckch_inst.

Change the reg-test to reproduce this corner case.

Should fix issue #1748.

Must be backported as far as 2.2. (it was previously in ssl_sock.c)

(cherry picked from commit cb6c5f468341e1902fae7527bfe76921d9d2aea6)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit 90ef04ae80d8a0e7e72957d8112899b437f4fb1f)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 0883b83ef95726bed2913b311779fd4e400947e4)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
2 files changed
tree: d04cf5ed85ae43b2348c91907569db18cf49f6a1
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .travis.yml
  16. BRANCHES
  17. CHANGELOG
  18. CONTRIBUTING
  19. INSTALL
  20. LICENSE
  21. MAINTAINERS
  22. Makefile
  23. README
  24. ROADMAP
  25. SUBVERS
  26. VERDATE
  27. VERSION