MINOR: ssl: load certificates in alphabetical order

As reported by Raphaël Enrici, certificates loaded from a directory are loaded
in a non predictive order. If no certificate was first loaded from a file, it
can result in different behaviours when haproxy is used in cluster.
We can also imagine other cases which weren't met yet.

Instead of using readdir(), we can use scandir() and sort files alphabetically.
This will ensure a predictive behaviour.

This patch should also be backported to 1.5.
(cherry picked from commit 3180f7b55434f19ba65f262dea450c93c769228b)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index b73d6f9..2614dd6 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1308,7 +1308,8 @@
 
 int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
 {
-	struct dirent *de;
+	struct dirent **de_list;
+	int i, n;
 	DIR *dir;
 	struct stat buf;
 	char *end;
@@ -1322,21 +1323,34 @@
 	for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
 		*end = 0;
 
-	while ((de = readdir(dir))) {
-		end = strrchr(de->d_name, '.');
-		if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp")))
-			continue;
+	n = scandir(path, &de_list, 0, alphasort);
+	if (n < 0) {
+		memprintf(err, "%sunable to scan directory '%s' : %s.\n",
+			  err && *err ? *err : "", path, strerror(errno));
+		cfgerr++;
+	}
+	else {
+		for (i = 0; i < n; i++) {
+			struct dirent *de = de_list[i];
 
-		snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
-		if (stat(fp, &buf) != 0) {
-			memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
-			          err && *err ? *err : "", fp, strerror(errno));
-			cfgerr++;
-			continue;
+			end = strrchr(de->d_name, '.');
+			if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp")))
+				goto ignore_entry;
+
+			snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
+			if (stat(fp, &buf) != 0) {
+				memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
+					  err && *err ? *err : "", fp, strerror(errno));
+				cfgerr++;
+				goto ignore_entry;
+			}
+			if (!S_ISREG(buf.st_mode))
+				goto ignore_entry;
+			cfgerr += ssl_sock_load_cert_file(fp, bind_conf, curproxy, NULL, 0, err);
+	ignore_entry:
+			free(de);
 		}
-		if (!S_ISREG(buf.st_mode))
-			continue;
-		cfgerr += ssl_sock_load_cert_file(fp, bind_conf, curproxy, NULL, 0, err);
+		free(de_list);
 	}
 	closedir(dir);
 	return cfgerr;