BUG/MINOR: ssl/crt-list: load bundle in crt-list only if activated
authorWilliam Lallemand <wlallemand@haproxy.org>
Fri, 20 Nov 2020 17:23:40 +0000 (18:23 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Fri, 20 Nov 2020 17:38:56 +0000 (18:38 +0100)
Don't try to load a bundle from a crt-list if the bundle support was
disabled with ssl-load-extra-files.

Must be backported to 2.3.

src/ssl_crtlist.c

index ac2d849f60dbba9d5b7be8dea614ea527661283a..8e9e5a11f3e6f264ff1362af7379f8089b361143 100644 (file)
@@ -550,7 +550,7 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
                                LIST_ADDQ(&newlist->ord_entries, &entry->by_crtlist);
                                LIST_ADDQ(&ckchs->crtlist_entry, &entry->by_ckch_store);
 
-                       } else {
+                       } else if (global_ssl.extra_files & SSL_GF_BUNDLE) {
                                /* If we didn't find the file, this could be a
                                bundle, since 2.3 we don't support multiple
                                certificate in the same OpenSSL store, so we
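Review bot: With the plain `else` turned into `else if (global_ssl.extra_files & SSL_GF_BUNDLE)`, a crt-list entry whose file was not found matches no branch when bundle loading is disabled, and nothing visible in this hunk reports it. If the code after the hunk does not already raise an error for that case, the certificate is skipped silently and the bind line would come up without a certificate the operator expects to be served. Consider a closing `else` that records a fatal configuration error naming the missing path, with a comment such as `/* file not found and bundle loading disabled: fail the entry instead of skipping it */`. The branch body and the rest of crtlist_parse_file lie outside the hunk, so this needs checking against the full function.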