BUG/MINOR: ssl: Missing ssl_conf pointer check when checking ocsp update inconsistencies
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>
Tue, 10 Jan 2023 10:44:15 +0000 (11:44 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Wed, 11 Jan 2023 10:20:26 +0000 (11:20 +0100)
The ssl_conf pointer might be NULL when processing the ocsp_update option in
crt-lists.

This patch fixes GitHub issue #1995.
It does not need to be backported.

src/ssl_crtlist.c

index e76fb9a112a18eec1923186696e0d544f6a254d4..bf32de11fcbfc17d9ea88c34c0d43495b0258482 100644 (file)
@@ -615,7 +615,7 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
                                        entry_dup->crtlist = newlist;
                                        if (ckchs->data->ocsp_update_mode != SSL_SOCK_OCSP_UPDATE_DFLT || entry->ssl_conf) {
                                                if ((!entry->ssl_conf && ckchs->data->ocsp_update_mode == SSL_SOCK_OCSP_UPDATE_ON)
-                                                   || ckchs->data->ocsp_update_mode != entry->ssl_conf->ocsp_update) {
+                                                   || (entry->ssl_conf && ckchs->data->ocsp_update_mode != entry->ssl_conf->ocsp_update)) {
                                                        memprintf(err, "%sIncompatibilities found in OCSP update mode for certificate %s\n", err && *err ? *err : "", crt_path);
                                                        cfgerr |= ERR_ALERT;
                                                }
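Review bot: The guarded condition added at line 21 is repeated verbatim at line 30 in the second hunk, so the NULL check and the mode comparison now have to be kept in sync by hand in two places; a small static helper taking `ckchs->data->ocsp_update_mode` and `entry->ssl_conf` and returning whether they conflict would keep that logic in one spot. Both call sites would then read `if (ocsp_update_mode_conflicts(ckchs->data->ocsp_update_mode, entry->ssl_conf)) {` and the outer `!= SSL_SOCK_OCSP_UPDATE_DFLT || entry->ssl_conf` test could move into the helper as well. One case worth confirming: an entry whose ssl_conf is non-NULL but whose ocsp_update was left at its default is now reported as conflicting whenever the store's mode is anything but SSL_SOCK_OCSP_UPDATE_DFLT, while the first clause treats a missing ssl_conf as compatible with anything but SSL_SOCK_OCSP_UPDATE_ON — if an explicit "off" is a distinct value from the default, two entries that both mean "off" may be flagged as incompatible. crtlist_parse_file starts and ends outside both hunks.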
@@ -647,7 +647,7 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
                        entry->crtlist = newlist;
                        if (ckchs->data->ocsp_update_mode != SSL_SOCK_OCSP_UPDATE_DFLT || entry->ssl_conf) {
                                if ((!entry->ssl_conf && ckchs->data->ocsp_update_mode == SSL_SOCK_OCSP_UPDATE_ON)
-                                   || ckchs->data->ocsp_update_mode != entry->ssl_conf->ocsp_update) {
+                                   || (entry->ssl_conf && ckchs->data->ocsp_update_mode != entry->ssl_conf->ocsp_update)) {
                                        memprintf(err, "%sIncompatibilities found in OCSP update mode for certificate %s\n", err && *err ? *err : "", crt_path);
                                        cfgerr |= ERR_ALERT;
                                }