]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3ff9591) | patch
BUG/MEDIUM: ssl/crt-list: correctly insert crt-list line if crt already loaded
authorWilliam Lallemand <wlallemand@haproxy.com>
Fri, 6 Nov 2020 15:24:07 +0000 (16:24 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Fri, 6 Nov 2020 15:39:39 +0000 (16:39 +0100)
commit50c03aac0417f7d70f98f31e513441c0fb743110
tree5266590d097cbfacf4bf9b05124a16400074a124tree
parent3ff9591ea21848257f9ae7a7a700654649465c85commit | diff
BUG/MEDIUM: ssl/crt-list: correctly insert crt-list line if crt already loaded

In issue #940, it was reported that the crt-list does not work correctly
anymore. Indeed when inserting a crt-list line which use a certificate
previously seen in the crt-list, this one won't be inserted in the SNI
list and will be silently ignored.

This bug was introduced by commit  47da821 "MEDIUM: ssl: emulates the
multi-cert bundles in the crtlist".

This patch also includes a reg-test which tests this issue.

This bugfix must be backported in 2.3.
reg-tests/ssl/simple.crt-list [new file with mode: 0644] blob
reg-tests/ssl/ssl_simple_crt-list.vtc [new file with mode: 0644] blob
src/ssl_crtlist.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git