BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in crt-list If a bundle is used in a crt-list, the ssl-min-ver and ssl-max-ver options were not taken into account in entries other than the first one because the corresponding fields in the ssl_bind_conf structure were not copied in crtlist_dup_ssl_conf. This should fix GitHub issue #2069. This patch should be backported up to 2.4.

commit: 6549f53fb60f5870c447447105a26af67a1cc996 [log] [tgz]
author: Remi Tricot-Le Breton <rlebreton@haproxy.com> Tue Mar 14 17:22:24 2023 +0100
committer: William Lallemand <wlallemand@haproxy.org> Fri Mar 31 09:11:51 2023 +0200
tree: 9d7f970bf511904f836be801a2c40a652cf19a70
parent: d32c8e3ccbd18d200c57458c3023643cdc971ef1 [diff] [blame]
diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index 5d1f5f3..c31714d 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c

@@ -142,6 +142,15 @@
 		if (!dst->ecdhe)
 			goto error;
 	}
+
+	dst->ssl_methods_cfg.flags = src->ssl_methods_cfg.flags;
+	dst->ssl_methods_cfg.min = src->ssl_methods_cfg.min;
+	dst->ssl_methods_cfg.max = src->ssl_methods_cfg.max;
+
+	dst->ssl_methods.flags = src->ssl_methods.flags;
+	dst->ssl_methods.min = src->ssl_methods.min;
+	dst->ssl_methods.max = src->ssl_methods.max;
+
 	return dst;
 
 error:
commit	6549f53fb60f5870c447447105a26af67a1cc996	[log] [tgz]
author	Remi Tricot-Le Breton <rlebreton@haproxy.com>	Tue Mar 14 17:22:24 2023 +0100
committer	William Lallemand <wlallemand@haproxy.org>	Fri Mar 31 09:11:51 2023 +0200
tree	9d7f970bf511904f836be801a2c40a652cf19a70
parent	d32c8e3ccbd18d200c57458c3023643cdc971ef1 [diff] [blame]