BUG/MEDIUM: ssl/crt-list: bundle support broken in crt-list
In issue #970 it was reported that the bundle loading does not work
anymore with crt-list.
This bug was introduced by 47da821 ("MEDIUM: ssl: emulates the
multi-cert bundles in the crtlist") which incorrectly uses "path"
instead of "crt_path" in the name resolution.
Must be backported to 2.3.
(cherry picked from commit 86c2dd60f1a0b8332a6ffc6e95dca27470fe44f7)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index 5f5942b..ac2d849 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -447,7 +447,6 @@
struct crtlist *newlist;
struct crtlist_entry *entry = NULL;
char thisline[CRT_LINESIZE];
- char path[MAXPATHLEN+1];
FILE *f;
struct stat buf;
int linenum = 0;
@@ -470,6 +469,7 @@
char *end;
char *line = thisline;
char *crt_path;
+ char path[MAXPATHLEN+1];
struct ckch_store *ckchs;
if (missing_lf != -1) {
@@ -564,7 +564,7 @@
struct stat buf;
int ret;
- ret = snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
+ ret = snprintf(fp, sizeof(fp), "%s.%s", crt_path, SSL_SOCK_KEYTYPE_NAMES[n]);
if (ret > sizeof(fp))
continue;