BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in crt-list
If a bundle is used in a crt-list, the ssl-min-ver and ssl-max-ver
options were not taken into account in entries other than the first one
because the corresponding fields in the ssl_bind_conf structure were not
copied in crtlist_dup_ssl_conf.
This should fix GitHub issue #2069.
This patch should be backported up to 2.4.
(cherry picked from commit 6549f53fb60f5870c447447105a26af67a1cc996)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
(cherry picked from commit 43079d46997baa323da3e02165d8a03c78b3fad8)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
(cherry picked from commit a8ee1ba6cd70ce5cd83025baefb6d5c1a8ea12c1)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
(cherry picked from commit 48cb7cf0acf163492ce08bc3cec474c69580e526)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index afb7aba..894a690 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -117,6 +117,15 @@
if (!dst->ecdhe)
goto error;
}
+
+ dst->ssl_methods_cfg.flags = src->ssl_methods_cfg.flags;
+ dst->ssl_methods_cfg.min = src->ssl_methods_cfg.min;
+ dst->ssl_methods_cfg.max = src->ssl_methods_cfg.max;
+
+ dst->ssl_methods.flags = src->ssl_methods.flags;
+ dst->ssl_methods.min = src->ssl_methods.min;
+ dst->ssl_methods.max = src->ssl_methods.max;
+
return dst;
error: