MINOR: ssl: Add helper function to add cafile entries

Adds a way to insert a new uncommitted cafile_entry in the tree. This
entry will be the one fetched by any lookup in the tree unless the
oldest cafile_entry is explicitely looked for. This way, until a "commit
ssl ca-file" command is completed, there could be two cafile_entries
with the same path in the tree, the original one and the newly updated
one.

diff --git a/include/haproxy/ssl_ckch.h b/include/haproxy/ssl_ckch.h
index dd68662b58b1bec36d9c5b0fb6e04879fb120cee..54c3c94a6901ab5c8366735605d11258ca0775a7 100644 (file)
--- a/include/haproxy/ssl_ckch.h
+++ b/include/haproxy/ssl_ckch.h
@@ -59,6 +59,7 @@ void ckch_inst_add_cafile_link(struct ckch_inst *ckch_inst, struct bind_conf *bi
 /* ssl_store functions */
 struct cafile_entry *ssl_store_get_cafile_entry(char *path, int oldest_entry);
 X509_STORE* ssl_store_get0_locations_file(char *path);
+int ssl_store_add_uncommitted_cafile_entry(struct cafile_entry *entry);
 struct cafile_entry *ssl_store_create_cafile_entry(char *path, X509_STORE *store);
 void ssl_store_delete_cafile_entry(struct cafile_entry *ca_e);
 int ssl_store_load_ca_from_buf(struct cafile_entry *ca_e, char *cert_buf);

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 10123b4fab90fee9c3fe360412a265b78575beb3..3664ae624182b007327fb4b814d0e3a47c6c57ed 100644 (file)
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -961,6 +961,11 @@ struct cafile_entry *ssl_store_get_cafile_entry(char *path, int oldest_entry)
        return ca_e;
 }
 
+int ssl_store_add_uncommitted_cafile_entry(struct cafile_entry *entry)
+{
+       return (ebst_insert(&cafile_tree, &entry->node) != &entry->node);
+}
+
 X509_STORE* ssl_store_get0_locations_file(char *path)
 {
        struct cafile_entry *ca_e = ssl_store_get_cafile_entry(path, 0);