BUG/MINOR: ssl/cli: don't overwrite the filters variable When a crt-list line using an already used ckch_store does not contain filters, it will overwrite the ckchs->filters variable with 0. This problem will generate all sni_ctx of this ckch_store without filters. Filters generation mustn't be allowed in any case. Must be backported in 2.1.

commit: 920b0352389be2f615494e6c2b1327b11bfd1dda [log] [tgz]
author: William Lallemand <wlallemand@haproxy.com> Wed Dec 04 15:33:01 2019 +0100
committer: William Lallemand <wlallemand@haproxy.org> Thu Dec 05 00:00:04 2019 +0100
tree: 155dff21e0d822dad95a17a07b1e581f1d096c64
parent: c640ef1a7de5d13504599f85ca3cf3c282128a05 [diff]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e0d3f10..57e97fd 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -3858,7 +3858,7 @@
 
 	/* at least one of the instances is using filters during the config
 	 * parsing, that's ok to inherit this during loading on CLI */
-	ckchs->filters = !!fcount;
+	ckchs->filters |= !!fcount;
 
 	/* Process each ckch and update keytypes for each CN/SAN
 	 * for example, if CN/SAN www.a.com is associated with
@@ -4102,7 +4102,7 @@
 
 	/* at least one of the instances is using filters during the config
 	 * parsing, that's ok to inherit this during loading on CLI */
-	ckchs->filters = !!fcount;
+	ckchs->filters |= !!fcount;
 
 	ctx = SSL_CTX_new(SSLv23_server_method());
 	if (!ctx) {
commit	920b0352389be2f615494e6c2b1327b11bfd1dda	[log] [tgz]
author	William Lallemand <wlallemand@haproxy.com>	Wed Dec 04 15:33:01 2019 +0100
committer	William Lallemand <wlallemand@haproxy.org>	Thu Dec 05 00:00:04 2019 +0100
tree	155dff21e0d822dad95a17a07b1e581f1d096c64
parent	c640ef1a7de5d13504599f85ca3cf3c282128a05 [diff]