BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases
When changes on a certificate are commited, a trash buffer is used to create
the response. Once done, the message is copied in the response buffer.
However, if the buffer is full, there is no way to retry and the message is
lost. The same issue may happen with the error message. It is a design issue
of cli_io_handler_commit_cert() function.
To fix it, the function was reworked. First, the error message is now part
of the service context. This way, if we cannot push the error message in the
reponse buffer, we may retry later. To do so, a dedicated state was created
(CERT_ST_ERROR). Then, the success message is also handled in a dedicated
state (CERT_ST_SUCCESS). This way we are able to retry to push it if
necessary. Finally, the dot displayed for each updated CKCH instance is now
immediatly pushed in the response buffer, and before the update. This way,
we are able to retry too if necessary.
This patch should fix the issue #1725. It must be backported as far as
2.2. But massive refactoring was performed in 2.6. So, for the 2.5 and
below, the patch must be adapted.
(cherry picked from commit 9d56e248a63b053b7c78ca9075fa5ce713599941)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit a684730eff43ce898733d5443a5c7948daa2cefe)
[cf: As expected, the patch was highly adapted]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit dbf5eebcdf2588f59db45b5b3a12a2e44e4aab58)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
3 files changed