BUG/MINOR: ssl: handle X509_get_default_cert_dir() returning NULL

ssl_store_load_locations_file() is using X509_get_default_cert_dir()
when using '@system-ca' as a parameter.

This function could return a NULL if OpenSSL was built with a
X509_CERT_DIR set to NULL; this is uncommon but let's fix this.

No backport needed, 2.6 only.

Fix issue #1637.

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 438483c..c047b1c 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -1124,7 +1124,7 @@
if (!X509_STORE_load_locations(store, file, NULL)) {
goto err;
}
- } else {
+ } else if (dir) {
int n, i;
struct dirent **de_list;
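
Review bot: The new 'else if (dir)' condition carries no comment saying when dir can be NULL, so the reason for the check is only recoverable from the commit message. Add a one-line comment above this branch noting that dir may be NULL when X509_get_default_cert_dir() returns NULL for '@system-ca', as the commit message describes, so the guard is not removed later as redundant.
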
@@ -1178,6 +1178,9 @@
}
free(de_list);
+ } else {
+ ha_alert("ca-file: couldn't load '%s'\n", path);
+ goto err;
}
objs = X509_STORE_get0_objects(store);
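
Review bot: The ha_alert() in the new final else prints only "ca-file: couldn't load '%s'" with path, which does not tell the operator why loading failed. This branch is reached only when the first branch did not apply and dir is NULL, so the message should say that no certificate directory is available for the given path. That lets the failure be told apart from an unreadable file or directory when reading the startup log.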