MINOR: ssl: Add helper function to add cafile entries
Adds a way to insert a new uncommitted cafile_entry in the tree. This
entry will be the one fetched by any lookup in the tree unless the
oldest cafile_entry is explicitly looked for. This way, until a "commit
ssl ca-file" command is completed, there could be two cafile_entries
with the same path in the tree, the original one and the newly updated
one.
diff --git a/include/haproxy/ssl_ckch.h b/include/haproxy/ssl_ckch.h
index dd68662..54c3c94 100644
--- a/include/haproxy/ssl_ckch.h
+++ b/include/haproxy/ssl_ckch.h
@@ -59,6 +59,7 @@
/* ssl_store functions */
struct cafile_entry *ssl_store_get_cafile_entry(char *path, int oldest_entry);
X509_STORE* ssl_store_get0_locations_file(char *path);
+int ssl_store_add_uncommitted_cafile_entry(struct cafile_entry *entry);
struct cafile_entry *ssl_store_create_cafile_entry(char *path, X509_STORE *store);
void ssl_store_delete_cafile_entry(struct cafile_entry *ca_e);
int ssl_store_load_ca_from_buf(struct cafile_entry *ca_e, char *cert_buf);
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 10123b4..3664ae6 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -961,6 +961,11 @@
return ca_e;
}
+int ssl_store_add_uncommitted_cafile_entry(struct cafile_entry *entry)
+{
+ return (ebst_insert(&cafile_tree, &entry->node) != &entry->node);
+}
+
X509_STORE* ssl_store_get0_locations_file(char *path)
{
struct cafile_entry *ca_e = ssl_store_get_cafile_entry(path, 0);
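Review bot: Once `ssl_store_add_uncommitted_cafile_entry()` has inserted an entry, the context line `ssl_store_get_cafile_entry(path, 0)` in `ssl_store_get0_locations_file()` will, going by the commit description, resolve to the uncommitted store instead of the committed one. If any caller reaches that lookup while a CA-file update is still pending, certificate verification could be set up with trust anchors that were never committed. The callers are not visible in this hunk, so this needs confirming; if it is not intended, request the oldest entry there (`ssl_store_get_cafile_entry(path, 1)`) or add a comment saying why the newest entry is wanted. The new function also needs a header comment that pins its return convention, for example `/* Insert <entry> in cafile_tree next to any existing entry for the same path. Returns 0 on success, non-zero if ebst_insert() returned another node. */`, because the bare `!=` expression reads as a boolean while callers will treat it as an error code. The body of `ssl_store_get0_locations_file()` continues outside the hunk.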