Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 99cc21851fbdcc3331250e14f17c0df860518c54^! / .
commit99cc21851fbdcc3331250e14f17c0df860518c54[log] [tgz]
authorWilliam Lallemand <wlallemand@haproxy.com>Thu Jun 25 15:19:51 2020 +0200
committerWilliam Lallemand <wlallemand@haproxy.org>Thu Jun 25 15:40:10 2020 +0200
tree6809d2b32ec27dc7b0f6c033655bf7612e15ce5f
parentc54e5ad9cc60bc81ffdcd31e7d4d007d4bd592e1 [diff]
MINOR: cli/ssl: handle trailing slashes in crt-list commands

Trailing slashes were not handled in crt-list commands on CLI which can
be useful when you use the commands with a directory.

Strip the slashes before looking for the crtlist in the tree.

diff --git a/reg-tests/ssl/add_ssl_crt-list.vtc b/reg-tests/ssl/add_ssl_crt-list.vtc
index b5ca779..6d3308b 100644
--- a/reg-tests/ssl/add_ssl_crt-list.vtc
+++ b/reg-tests/ssl/add_ssl_crt-list.vtc

@@ -70,11 +70,11 @@
     echo "new ssl cert ${testdir}/ecdsa.pem" | socat "${tmpdir}/h1/stats" -
     printf "set ssl cert ${testdir}/ecdsa.pem <<\n$(cat ${testdir}/ecdsa.pem)\n\n" | socat "${tmpdir}/h1/stats" -
     echo "commit ssl cert ${testdir}/ecdsa.pem" | socat "${tmpdir}/h1/stats" -
-    printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem [ssl-min-ver SSLv3 verify none allow-0rtt] localhost !www.test1.com\n\n" | socat "${tmpdir}/h1/stats" -
+    printf "add ssl crt-list ${testdir}/localhost.crt-list/ <<\n${testdir}/ecdsa.pem [ssl-min-ver SSLv3 verify none allow-0rtt] localhost !www.test1.com\n\n" | socat "${tmpdir}/h1/stats" -
     printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem [verify none allow-0rtt]\n\n" | socat "${tmpdir}/h1/stats" -
-    printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem localhost !www.test1.com\n\n" | socat "${tmpdir}/h1/stats" -
-    printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem\n\n" | socat "${tmpdir}/h1/stats" -
-    printf "add ssl crt-list ${testdir}/localhost.crt-list ${testdir}/ecdsa.pem\n" | socat "${tmpdir}/h1/stats" -
+    printf "add ssl crt-list ${testdir}/localhost.crt-list/// <<\n${testdir}/ecdsa.pem localhost !www.test1.com\n\n" | socat "${tmpdir}/h1/stats" -
+    printf "add ssl crt-list ${testdir}/localhost.crt-list///// <<\n${testdir}/ecdsa.pem\n\n" | socat "${tmpdir}/h1/stats" -
+    printf "add ssl crt-list ${testdir}/localhost.crt-list// ${testdir}/ecdsa.pem\n" | socat "${tmpdir}/h1/stats" -
 }
 
 haproxy h1 -cli {
@@ -83,7 +83,7 @@
 }
 
 haproxy h1 -cli {
-    send "show ssl crt-list ${testdir}/localhost.crt-list"
+    send "show ssl crt-list ${testdir}/localhost.crt-list//"
     # check the options and the filters in any order
     expect ~ ".*${testdir}/ecdsa.pem \\[(?=.*verify none)(?=.*allow-0rtt)(?=.*ssl-min-ver SSLv3).*\\](?=.*!www.test1.com)(?=.*localhost).*"
 }

diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index def0e22..2ef3a37 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c

@@ -824,6 +824,7 @@
 	struct ebmb_node *lnode;
 	char *filename = NULL;
 	int mode;
+	char *end;
 
 	if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
 		return 1;
@@ -843,6 +844,12 @@
 		return cli_err(appctx, "'show ssl crt-list -n' expects a filename or a directory\n");
 
 	if (filename && *filename) {
+
+
+		/* strip trailing slashes, including first one */
+		for (end = filename + strlen(filename) - 1; end >= filename && *end == '/'; end--)
+			*end = 0;
+
 		lnode = ebst_lookup(&crtlists_tree, filename);
 		if (lnode == NULL)
 			return cli_err(appctx, "didn't find the specified filename\n");
@@ -1017,6 +1024,7 @@
 	struct ebpt_node *inserted;
 	struct crtlist *crtlist;
 	struct crtlist_entry *entry = NULL;
+	char *end;
 
 	if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
 		return 1;
@@ -1026,6 +1034,10 @@
 
 	crtlist_path = args[3];
 
+	/* strip trailing slashes, including first one */
+	for (end = crtlist_path + strlen(crtlist_path) - 1; end >= crtlist_path && *end == '/'; end--)
+		*end = 0;
+
 	if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
 		return cli_err(appctx, "Operations on certificates are currently locked!\n");
 
@@ -1151,6 +1163,7 @@
 	struct ckch_inst *inst, *inst_s;
 	int linenum = 0;
 	char *colons;
+	char *end;
 
 	if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
 		return 1;
@@ -1175,6 +1188,11 @@
 		}
 		*colons = '\0';
 	}
+
+	/* strip trailing slashes, including first one */
+	for (end = crtlist_path + strlen(crtlist_path) - 1; end >= crtlist_path && *end == '/'; end--)
+		*end = 0;
+
 	/* look for crtlist */
 	ebmb = ebst_lookup(&crtlists_tree, crtlist_path);
 	if (!ebmb) {