MINOR: ssl/cli: disallow SSL options for directory in 'add ssl crt-list'
Allowing the use of SSL options and filters when adding a file in a
directory is not really consistent with the reload of HAProxy. Disable
the ability to use these options if one try to use them with a directory.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 376e624..9313f5e 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -11445,6 +11445,12 @@
goto error;
}
+ /* this is supposed to be a directory (EB_ROOT_UNIQUE), so no ssl_conf are allowed */
+ if ((entry->ssl_conf || entry->filters) && eb_gettag(crtlist->entries.b[EB_RGHT])) {
+ memprintf(&err, "this is a directory, SSL configuration and filters are not allowed");
+ goto error;
+ }
+
LIST_ADDQ(&crtlist->ord_entries, &entry->by_crtlist);
entry->crtlist = crtlist;
LIST_ADDQ(&store->crtlist_entry, &entry->by_ckch_store);