BUG/MINOR: ssl/crt-list: load bundle in crt-list only if activated Don't try to load a bundle from a crt-list if the bundle support was disabled with ssl-load-extra-files. Must be backported to 2.3. (cherry picked from commit 7340457158b20fa89d9eba0e231b3a122f5620d3) Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

commit: 69d90d7686efa566f6a34b101875abf4b0896fb4 [log] [tgz]
author: William Lallemand <wlallemand@haproxy.org> Fri Nov 20 18:23:40 2020 +0100
committer: Christopher Faulet <cfaulet@haproxy.com> Tue Nov 24 14:39:43 2020 +0100
tree: e5428a88a5a6d37bef63d5ad7690c022686e9da6
parent: 7efbaf127f87419daf94d30847e400f2b6c92eaf [diff] [blame]
diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index ac2d849..8e9e5a1 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c

@@ -550,7 +550,7 @@
 				LIST_ADDQ(&newlist->ord_entries, &entry->by_crtlist);
 				LIST_ADDQ(&ckchs->crtlist_entry, &entry->by_ckch_store);
 
-			} else {
+			} else if (global_ssl.extra_files & SSL_GF_BUNDLE) {
 				/* If we didn't find the file, this could be a
 				bundle, since 2.3 we don't support multiple
 				certificate in the same OpenSSL store, so we
commit	69d90d7686efa566f6a34b101875abf4b0896fb4	[log] [tgz]
author	William Lallemand <wlallemand@haproxy.org>	Fri Nov 20 18:23:40 2020 +0100
committer	Christopher Faulet <cfaulet@haproxy.com>	Tue Nov 24 14:39:43 2020 +0100
tree	e5428a88a5a6d37bef63d5ad7690c022686e9da6
parent	7efbaf127f87419daf94d30847e400f2b6c92eaf [diff] [blame]