Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 24e292c1054616e06b1025441ed7a0a59171d108
commit24e292c1054616e06b1025441ed7a0a59171d108[log] [tgz]
authorWilliam Lallemand <wlallemand@haproxy.com>Thu Oct 03 23:46:33 2019 +0200
committerChristopher Faulet <cfaulet@haproxy.com>Wed Oct 16 10:21:14 2019 +0200
treeb75586ea0fb8b6d5f3af5b9fe894435ddb77a7a0
parent1cf90c000b37aa64c51e42f7d7a1dccace8340a0 [diff]
BUG/MINOR: ssl: abort on sni allocation failure

The ssl_sock_add_cert_sni() function never return an error when a
sni_ctx allocation fail. It silently ignores the problem and continues
to try to allocate other snis.

It is unlikely that a sni allocation will succeed after one failure and
start a configuration without all the snis. But to avoid any problem we
return a -1 upon an sni allocation error and stop the configuration
parsing.

This patch must be backported in every version supporting the crt-list
sni filters. (as far as 1.5)

(cherry picked from commit fe49bb3d0c046628d67d57da15a7034cc2230432)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
[Cf: slightly adapted for 2.0]
1 file changed
tree: b75586ea0fb8b6d5f3af5b9fe894435ddb77a7a0
  1. .github/
  2. contrib/
  3. doc/
  4. ebtree/
  5. examples/
  6. include/
  7. reg-tests/
  8. scripts/
  9. src/
  10. tests/
  11. .cirrus.yml
  12. .gitignore
  13. .travis.yml
  14. BRANCHES
  15. CHANGELOG
  16. CONTRIBUTING
  17. INSTALL
  18. LICENSE
  19. MAINTAINERS
  20. Makefile
  21. README
  22. ROADMAP
  23. SUBVERS
  24. VERDATE
  25. VERSION