BUG/MINOR: ssl/cli: lock the ckch structures during crt-list delete
authorWilliam Lallemand <wlallemand@haproxy.com>
Wed, 8 Apr 2020 08:30:44 +0000 (10:30 +0200)
committerWilliam Lallemand <wlallemand@haproxy.org>
Wed, 8 Apr 2020 08:39:38 +0000 (10:39 +0200)
cli_parse_del_crtlist() unlocks the ckch big lock, but it does
not lock it at the beginning of the function, which is dangerous.
As a side effect, it leaves the structures locked once it has called the unlock.

This bug was introduced by 0a9b941 ("MINOR: ssl/cli: 'del ssl crt-list'
delete an entry")

src/ssl_sock.c

index b1670456bb4688760a0c5d45ba8f86a30e32e299..e9166053ff7e264bf3496a48b75d6df1e185def6 100644 (file)
@@ -11512,6 +11512,9 @@ static int cli_parse_del_crtlist(char **args, char *payload, struct appctx *appc
        if (!*args[3] || !*args[4])
                return cli_err(appctx, "'del ssl crtlist' expects a filename and a certificate name\n");
 
+       if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
+               return cli_err(appctx, "Can't delete!\nOperations on certificates are currently locked!\n");
+
        crtlist_path = args[3];
        cert_path = args[4];
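Review bot: Nothing at the new `HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock)` call says where the lock is released, and the release is not visible in this hunk; per the commit message the unlock already exists later in cli_parse_del_crtlist(), whose body continues past the last line shown. Any exit between this point and that unlock that returns directly would leave ckch_lock held, and later certificate commands that use the same trylock would presumably be refused with the "currently locked" error, so it is worth confirming that every error path after the trylock reaches the unlock. A comment above the call would make the invariant explicit, e.g. `/* ckch_lock is held from here on; every exit below must go through the unlock */`. Taking the lock only after the argument check, as done here, is sound because that early return then needs no unlock.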