};
+/* Option through which a cafile_entry was created, either
+ * ca-file/ca-verify-file or crl-file. */
+enum cafile_type {
+ CAFILE_CERT,
+ CAFILE_CRL
+};
+
/*
* deduplicate cafile (and crlfile)
*/
X509_STORE *ca_store;
STACK_OF(X509_NAME) *ca_list;
struct list ckch_inst_link; /* list of ckch_inst which use this CA file entry */
+ enum cafile_type type;
struct ebmb_node node;
char path[0];
};
struct cafile_entry *ssl_store_get_cafile_entry(char *path, int oldest_entry);
X509_STORE* ssl_store_get0_locations_file(char *path);
int ssl_store_add_uncommitted_cafile_entry(struct cafile_entry *entry);
-struct cafile_entry *ssl_store_create_cafile_entry(char *path, X509_STORE *store);
+struct cafile_entry *ssl_store_create_cafile_entry(char *path, X509_STORE *store, enum cafile_type type);
void ssl_store_delete_cafile_entry(struct cafile_entry *ca_e);
int ssl_store_load_ca_from_buf(struct cafile_entry *ca_e, char *cert_buf);
-int ssl_store_load_locations_file(char *path, int create_if_none);
+int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_type type);
#endif /* USE_OPENSSL */
#endif /* _HAPROXY_SSL_CRTLIST_H */
else
memprintf(ca_file_p, "%s", args[cur_arg + 1]);
- if (!ssl_store_load_locations_file(*ca_file_p, !from_cli)) {
+ if (!ssl_store_load_locations_file(*ca_file_p, !from_cli, CAFILE_CERT)) {
memprintf(err, "'%s' : unable to load %s", args[cur_arg], *ca_file_p);
return ERR_ALERT | ERR_FATAL;
}
else
memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
- if (!ssl_store_load_locations_file(conf->crl_file, !from_cli)) {
+ if (!ssl_store_load_locations_file(conf->crl_file, !from_cli, CAFILE_CRL)) {
memprintf(err, "'%s' : unable to load %s", args[cur_arg], conf->crl_file);
return ERR_ALERT | ERR_FATAL;
}
else
memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
- if (!ssl_store_load_locations_file(newsrv->ssl_ctx.ca_file, 1)) {
+ if (!ssl_store_load_locations_file(newsrv->ssl_ctx.ca_file, 1, CAFILE_CERT)) {
memprintf(err, "'%s' : unable to load %s", args[*cur_arg], newsrv->ssl_ctx.ca_file);
return ERR_ALERT | ERR_FATAL;
}
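Review bot: The server-side call on the `newsrv->ssl_ctx.ca_file` line still passes a literal `1` for `create_if_none`, while the bind-side `ca-file` hunk passes `!from_cli`; if this server parser can also be reached at runtime (an `add server` path, say — not visible here), a CLI command would load a fresh CA file from disk where the bind keyword refuses to. The asymmetry predates this commit, but since the line is being rewritten anyway it is worth confirming it is deliberate and, if a `from_cli` flag is available here, using `if (!ssl_store_load_locations_file(newsrv->ssl_ctx.ca_file, !from_cli, CAFILE_CERT)) {` for consistency. The enclosing function starts and ends outside this hunk.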
else
memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
- if (!ssl_store_load_locations_file(newsrv->ssl_ctx.crl_file, 1)) {
+ if (!ssl_store_load_locations_file(newsrv->ssl_ctx.crl_file, 1, CAFILE_CRL)) {
memprintf(err, "'%s' : unable to load %s", args[*cur_arg], newsrv->ssl_ctx.crl_file);
return ERR_ALERT | ERR_FATAL;
}
}
/* Create a cafile_entry object, without adding it to the cafile_tree. */
-struct cafile_entry *ssl_store_create_cafile_entry(char *path, X509_STORE *store)
+struct cafile_entry *ssl_store_create_cafile_entry(char *path, X509_STORE *store, enum cafile_type type)
{
struct cafile_entry *ca_e;
int pathlen;
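Review bot: The header comment above the function still describes only the path/store behaviour and says nothing about the new `type` argument, which the body stores verbatim into the entry. Suggest `/* Create a cafile_entry object of the given type (CAFILE_CERT or CAFILE_CRL), without adding it to the cafile_tree. */` so readers know the type is a label chosen by the caller, not derived from the file. The body of the function continues outside this hunk.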
if (ca_e) {
memcpy(ca_e->path, path, pathlen + 1);
ca_e->ca_store = store;
+ ca_e->type = type;
LIST_INIT(&ca_e->ckch_inst_link);
}
return ca_e;
return retval;
}
-int ssl_store_load_locations_file(char *path, int create_if_none)
+int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_type type)
{
X509_STORE *store = ssl_store_get0_locations_file(path);
struct cafile_entry *ca_e;
store = X509_STORE_new();
if (X509_STORE_load_locations(store, path, NULL)) {
- ca_e = ssl_store_create_cafile_entry(path, store);
+ ca_e = ssl_store_create_cafile_entry(path, store, type);
if (ca_e) {
ebst_insert(&cafile_tree, &ca_e->node);
}
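Review bot: The `type` argument is only recorded when a brand-new entry is created at the `ssl_store_create_cafile_entry` call; when `ssl_store_get0_locations_file` already returns a store for `path` (the early-return between the two hunks is not visible here, so this is inferred), a second load of the same file under the other directive keeps the first type and the mismatch is silently lost. A `ca-file` and a `crl-file` pointing at the same path would then share one entry labelled by whichever directive was parsed first. Consider looking the entry up with `ssl_store_get_cafile_entry()` on the existing-store branch and rejecting, or at least warning, when `ca_e->type != type`. Note as well that `X509_STORE_load_locations` loads whatever certificates and CRLs the file contains regardless of `type`, so the field documents how the entry was declared rather than what it holds; a one-line comment to that effect near the `ebst_insert` would prevent later code from treating it as a content guarantee.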
ssl_store_delete_cafile_entry(appctx->ctx.ssl.new_cafile_entry);
/* Create a new cafile_entry without adding it to the cafile tree. */
- appctx->ctx.ssl.new_cafile_entry = ssl_store_create_cafile_entry(appctx->ctx.ssl.path, NULL);
+ appctx->ctx.ssl.new_cafile_entry = ssl_store_create_cafile_entry(appctx->ctx.ssl.path, NULL, CAFILE_CERT);
if (!appctx->ctx.ssl.new_cafile_entry) {
memprintf(&err, "%sCannot allocate memory!\n",
err ? err : "");