BUG/MEDIUM: ssl/crt-list: correctly insert crt-list line if crt already loaded
In issue #940, it was reported that the crt-list does not work correctly
anymore. Indeed when inserting a crt-list line which uses a certificate
previously seen in the crt-list, this one won't be inserted in the SNI
list and will be silently ignored.
This bug was introduced by commit 47da821 "MEDIUM: ssl: emulates the
multi-cert bundles in the crtlist".
This patch also includes a reg-test which tests this issue.
This bugfix must be backported in 2.3.
(cherry picked from commit 50c03aac0417f7d70f98f31e513441c0fb743110)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index 65ca289..5f5942b 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -598,6 +598,12 @@
}
}
}
+ } else {
+ entry->node.key = ckchs;
+ entry->crtlist = newlist;
+ ebpt_insert(&newlist->entries, &entry->node);
+ LIST_ADDQ(&newlist->ord_entries, &entry->by_crtlist);
+ LIST_ADDQ(&ckchs->crtlist_entry, &entry->by_ckch_store);
}
entry = NULL;
}
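Review bot: In the new else branch, every entry for an already-loaded certificate is keyed on the same pointer (`entry->node.key = ckchs;`) and the return value of `ebpt_insert(&newlist->entries, &entry->node);` is ignored. The commit message describes several crt-list lines sharing one certificate, so duplicate keys are expected here; if `newlist->entries` were a unique-key tree, ebpt_insert would return the existing node and this entry would still be linked into `ord_entries` and `crtlist_entry` without being in the tree. Please either check the return value or add a short comment stating that the tree accepts duplicate keys, plus a one-line comment on the else saying which case it handles. The reg-test mentioned in the commit message is not in the diff shown here, so it could not be reviewed.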