When receiving the final certificate, it needs to be loaded by
ssl_sock_load_pem_into_ckch(). However this function will remove any
existing private key in the struct ckch_store.
In order to fix the issue, the ptr to the key is swapped with a NULL
ptr, and restored once the new certificate is committed.
However there is a discrepancy when ssl_sock_load_pem_into_ckch()
fails and the pointer is lost.
This patch fixes the issue by restoring the pointer in the error path.
This must fix issue #2933.
struct http_hdr *hdrs, *hdr;
struct buffer *t1 = NULL, *t2 = NULL;
int ret = 1;
- EVP_PKEY *key;
+ EVP_PKEY *key = NULL;
hc = ctx->hc;
if (!hc)
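Review bot: the new "= NULL" initialiser on the declaration of key is load-bearing and deserves a short comment there. The "if (key)" test added under "error:" is only safe because key is NULL on any "goto error" taken before the store's key has been swapped out, and nothing at the declaration says so. Something like "/* non-NULL only while the store's key is detached */" would keep a later cleanup from dropping the initialiser.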
/* restore the key */
ctx->store->data->key = key;
+ key = NULL;
if (acme_update_certificate(task, ctx, errmsg) != 0)
goto error;
ret = 0;
error:
+ if (key)
+ ctx->store->data->key = key;
free_trash_chunk(t1);
free_trash_chunk(t2);
httpclient_destroy(hc);
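Review bot: under "error:", "ctx->store->data->key = key;" overwrites the field without checking what it holds at that point. If ssl_sock_load_pem_into_ckch() can fail after placing a key of its own in ctx->store->data->key, that object would be leaked by this assignment; please confirm the field is always NULL on that failure path, or free it before restoring. The "key = NULL;" after the success-path restore is a good ownership hand-off and could carry a one-line comment saying the store owns the key again, so the pairing with the error-path test is obvious to the next reader.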