BUG/MINOR: ssl: shut the ca-file errors emitted during httpclient init
authorWilliam Lallemand <wlallemand@haproxy.org>
Thu, 24 Nov 2022 18:14:19 +0000 (19:14 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Thu, 24 Nov 2022 18:14:19 +0000 (19:14 +0100)
With an OpenSSL library which uses the wrong OPENSSLDIR, HAProxy tries to
load OPENSSLDIR/certs/ into @system-ca, but emits a warning when it
can't.

This patch fixes the issue by allowing to shut the error when the SSL
configuration for the httpclient is not explicit.

Must be backported in 2.6.

include/haproxy/ssl_ckch.h
src/http_client.c
src/ssl_ckch.c

index 085c5c0428598193381e21f07b3a34567837f177..21eb0d26f6219ed4f8428d93a6db9e3431014eee 100644 (file)
@@ -67,6 +67,7 @@ struct cafile_entry *ssl_store_dup_cafile_entry(struct cafile_entry *src);
 void ssl_store_delete_cafile_entry(struct cafile_entry *ca_e);
 int ssl_store_load_ca_from_buf(struct cafile_entry *ca_e, char *cert_buf, int append);
 int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_type type);
+int __ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_type type, int shuterror);
 
 extern struct cert_exts cert_exts[];
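Review bot: The new prototype introduces an identifier with a leading double underscore, `__ssl_store_load_locations_file`, which the C standard reserves for the implementation; HAProxy appears to use this prefix elsewhere, so if the project convention is kept, the header should at least document the extra parameter, since nothing here says what `shuterror` means. A one-line comment above the prototype such as `/* Same as ssl_store_load_locations_file() but suppresses ha_alert()/ha_warning() output when <shuterror> is non-zero. */` lets callers pick the right entry point without reading src/ssl_ckch.c.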
 
index 88375e9548570a1850a21929d0adddd84d41cb3a..c3e5addeb83e91e88fa8dbe7297e4c1f8c796a93 100644 (file)
@@ -1275,7 +1275,7 @@ struct proxy *httpclient_create_proxy(const char *id)
        if (httpclient_ssl_verify == SSL_SOCK_VERIFY_REQUIRED) {
 
                srv_ssl->ssl_ctx.ca_file = strdup(httpclient_ssl_ca_file ? httpclient_ssl_ca_file : "@system-ca");
-               if (!ssl_store_load_locations_file(srv_ssl->ssl_ctx.ca_file, 1, CAFILE_CERT)) {
+               if (!__ssl_store_load_locations_file(srv_ssl->ssl_ctx.ca_file, 1, CAFILE_CERT, !hard_error_ssl)) {
                        /* if we failed to load the ca-file, only quits in
                         * error with hard_error, otherwise just disable the
                         * feature. */
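Review bot: Passing `!hard_error_ssl` means that in the default (non-hard-error) mode a failed CA load is now both silent and, per the comment that follows, disables the feature, so an operator gets no indication that the httpclient lost certificate verification; consider emitting one lower-severity line in that failure branch, for example `ha_notice("httpclient: could not load ca-file '%s', SSL verification disabled\n", srv_ssl->ssl_ctx.ca_file);`, so the condition stays visible in the logs. Separately, the `strdup()` result on the line above is handed to the loader unchecked; on allocation failure a NULL path reaches `strcmp()`/`stat()` inside `__ssl_store_load_locations_file()`. The failure branch and the rest of httpclient_create_proxy() continue outside the hunk.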
index e67702abdeee3fff30413f684f24fa37cad8bd29..58430476eb9876b2bc750e178368ab686c598e0c 100644 (file)
@@ -1247,10 +1247,10 @@ end:
 
 /*
  * Try to load a ca-file from disk into the ca-file cache.
- *
+ *  <shuterror> allows you to to stop emitting the errors.
  *  Return 0 upon error
  */
-int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_type type)
+int __ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_type type, int shuterror)
 {
        X509_STORE *store = ssl_store_get0_locations_file(path);
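Review bot: The new comment line `*  <shuterror> allows you to to stop emitting the errors.` has a doubled "to" and does not say which messages are affected; suggest `*  <shuterror>, when non-zero, suppresses the ha_alert()/ha_warning() calls this function would otherwise emit; the return value is unaffected.` The function body continues past the end of the hunk.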
 
@@ -1268,21 +1268,24 @@ int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_ty
 
                store = X509_STORE_new();
                if (!store) {
-                       ha_alert("Cannot allocate memory!\n");
+                       if (!shuterror)
+                               ha_alert("Cannot allocate memory!\n");
                        goto err;
                }
 
                if (strcmp(path, "@system-ca") == 0) {
                        dir = X509_get_default_cert_dir();
                        if (!dir) {
-                               ha_alert("Couldn't get the system CA directory from X509_get_default_cert_dir().\n");
+                               if (!shuterror)
+                                       ha_alert("Couldn't get the system CA directory from X509_get_default_cert_dir().\n");
                                goto err;
                        }
 
                } else {
 
                        if (stat(path, &buf) == -1) {
-                               ha_alert("Couldn't open the ca-file '%s' (%s).\n", path, strerror(errno));
+                               if (!shuterror)
+                                       ha_alert("Couldn't open the ca-file '%s' (%s).\n", path, strerror(errno));
                                goto err;
                        }
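Review bot: The `shuterror` guard also swallows the out-of-memory alert at `ha_alert("Cannot allocate memory!\n");` after `X509_STORE_new()` fails, and the same happens for the `ssl_store_create_cafile_entry()` failure in the later hunk ending at `ebst_insert`; the commit's intent is to hide a wrong OPENSSLDIR, and an allocation failure is a different, rarer condition that should stay visible. Suggest leaving those two alerts unconditional and applying `if (!shuterror)` only to the path, directory and load-failure messages. The nine near-identical guards could also be folded into a small local helper or macro to keep the function readable, though that is a matter of taste. The enclosing function starts and ends outside this hunk.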
 
@@ -1295,7 +1298,8 @@ int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_ty
                if (file) {
                        if (!X509_STORE_load_locations(store, file, NULL)) {
                                e = ERR_get_error();
-                               ha_alert("Couldn't open the ca-file '%s' (%s).\n", path, ERR_reason_error_string(e));
+                               if (!shuterror)
+                                       ha_alert("Couldn't open the ca-file '%s' (%s).\n", path, ERR_reason_error_string(e));
                                goto err;
                        }
                } else if (dir) {
@@ -1360,23 +1364,27 @@ scandir_err:
                                BIO_free(in);
                                free(de);
                                /* warn if it can load one of the files, but don't abort */
-                               ha_warning("ca-file: '%s' couldn't load '%s' (%s)\n", path, trash.area, ERR_reason_error_string(e));
+                               if (!shuterror)
+                                       ha_warning("ca-file: '%s' couldn't load '%s' (%s)\n", path, trash.area, ERR_reason_error_string(e));
 
                        }
                        free(de_list);
                } else {
-                       ha_alert("ca-file: couldn't load '%s'\n", path);
+                       if (!shuterror)
+                               ha_alert("ca-file: couldn't load '%s'\n", path);
                        goto err;
                }
 
                objs = X509_STORE_get0_objects(store);
                cert_count = sk_X509_OBJECT_num(objs);
                if (cert_count == 0) {
-                       ha_warning("ca-file: 0 CA were loaded from '%s'\n", path);
+                       if (!shuterror)
+                               ha_warning("ca-file: 0 CA were loaded from '%s'\n", path);
                }
                ca_e = ssl_store_create_cafile_entry(path, store, type);
                if (!ca_e) {
-                       ha_alert("Cannot allocate memory!\n");
+                       if (!shuterror)
+                               ha_alert("Cannot allocate memory!\n");
                        goto err;
                }
                ebst_insert(&cafile_tree, &ca_e->node);
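Review bot: With `shuterror` set, the zero-CA case at `if (cert_count == 0)` now produces no output and still falls through to `ssl_store_create_cafile_entry()`, so a present-but-empty certs directory yields a cached empty store and, as far as the hunk shows, a successful return; the httpclient caller then keeps verification enabled against a store that can validate nothing, and the first sign is a handshake failure at runtime rather than a startup message. Consider keeping that warning outside the guard, or emitting it at a lower severity, since it is the one message that distinguishes "directory missing" (already an error above) from "directory present but empty". The function's return statement is outside the hunk, so the success path is inferred.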
@@ -1390,6 +1398,10 @@ err:
 
 }
 
+int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_type type)
+{
+       return __ssl_store_load_locations_file(path, create_if_none, type, 0);
+}
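Review bot: The new wrapper `ssl_store_load_locations_file()` has no comment, while the documentation now sits on the function it delegates to; a one-liner above it such as `/* Load a ca-file into the cache, always reporting errors (see __ssl_store_load_locations_file()). */` keeps the public entry point self-describing for readers who only grep the header.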
 
 /*************************** CLI commands ***********************/