BUG/MINOR: ssl/cli: lock the ckch structures during crt-list delete The cli_parse_del_crtlist() does unlock the ckch big lock, but it does not lock it at the beginning of the function which is dangerous. As a side effect it let the structures locked once it called the unlock. This bug was introduced by 0a9b941 ("MINOR: ssl/cli: 'del ssl crt-list' delete an entry")

commit: 463b5242985f01d0d162b6eb74c9ca0da728f3e1 [log] [tgz]
author: William Lallemand <wlallemand@haproxy.com> Wed Apr 08 10:30:44 2020 +0200
committer: William Lallemand <wlallemand@haproxy.org> Wed Apr 08 10:39:38 2020 +0200
tree: db081dcb240425fa405cf63c41d34ab881a75ec9
parent: 6e18f92d4f629eaef50bc9f60a62ac71fa671888 [diff]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index b167045..e916605 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -11512,6 +11512,9 @@
 	if (!*args[3] || !*args[4])
 		return cli_err(appctx, "'del ssl crtlist' expects a filename and a certificate name\n");
 
+	if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
+		return cli_err(appctx, "Can't delete!\nOperations on certificates are currently locked!\n");
+
 	crtlist_path = args[3];
 	cert_path = args[4];
commit	463b5242985f01d0d162b6eb74c9ca0da728f3e1	[log] [tgz]
author	William Lallemand <wlallemand@haproxy.com>	Wed Apr 08 10:30:44 2020 +0200
committer	William Lallemand <wlallemand@haproxy.org>	Wed Apr 08 10:39:38 2020 +0200
tree	db081dcb240425fa405cf63c41d34ab881a75ec9
parent	6e18f92d4f629eaef50bc9f60a62ac71fa671888 [diff]