BUG/MINOR: ssl/cli: don't overwrite the filters variable

When a crt-list line using an already used ckch_store does not contain
filters, it will overwrite the ckchs->filters variable with 0.
This problem will generate all sni_ctx of this ckch_store without
filters. Filters generation mustn't be allowed in any case.

Must be backported in 2.1.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e0d3f101431b06ad075d268886008c2e4a805a5c..57e97fd2c04d6484b258b28a010cf229817aed14 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3858,7 +3858,7 @@ static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *c
 
        /* at least one of the instances is using filters during the config
         * parsing, that's ok to inherit this during loading on CLI */
-       ckchs->filters = !!fcount;
+       ckchs->filters |= !!fcount;
 
        /* Process each ckch and update keytypes for each CN/SAN
         * for example, if CN/SAN www.a.com is associated with
@@ -4102,7 +4102,7 @@ static int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs,
 
        /* at least one of the instances is using filters during the config
         * parsing, that's ok to inherit this during loading on CLI */
-       ckchs->filters = !!fcount;
+       ckchs->filters |= !!fcount;
 
        ctx = SSL_CTX_new(SSLv23_server_method());
        if (!ctx) {