BUG/MINOR: ssl: prevent multiple 'crt' on the same ssl-f-use line
authorWilliam Lallemand <wlallemand@haproxy.com>
Fri, 9 May 2025 16:52:09 +0000 (18:52 +0200)
committerWilliam Lallemand <wlallemand@haproxy.com>
Fri, 9 May 2025 16:52:09 +0000 (18:52 +0200)
The 'ssl-f-use' implementation doesn't prevent the 'crt' keyword from
being specified multiple times, in which case each occurrence overwrites
the previous value. This lets users think that it is possible to use
multiple certificates on the same line, which is not the case.

This patch emits an alert when setting the 'crt' keyword multiple times
on the same ssl-f-use line.

Should fix issue #2966.

No backport needed.

src/cfgparse-ssl.c

index c71e070d660073caf9fc771eb1e4dba00eed3930..3192121d6a83c528582592572956ad183356f3a0 100644 (file)
@@ -2208,6 +2208,10 @@ static int proxy_parse_ssl_f_use(char **args, int section_type, struct proxy *cu
                        char path[MAXPATHLEN+1];
                        const char *arg = args[cur_arg+1];
 
+                       if (ckch_conf->crt) {
+                               memprintf(err, "'%s' already specified, aborting.", "crt");
+                               goto error;
+                       }
                        if (*arg != '@' && *arg != '/' && global_ssl.crt_base) {
                                if ((strlen(global_ssl.crt_base) + 1 + strlen(arg)) > sizeof(path) ||
                                     snprintf(path, sizeof(path), "%s/%s",  global_ssl.crt_base, arg) > sizeof(path)) {
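Review bot: The length test on the two context lines right after the new guard accepts a joined path of exactly sizeof(path) characters, which snprintf() then truncates. snprintf() signals truncation with a return value >= the buffer size, but both comparisons use `>`. In that one case the 'crt' path built from crt_base loses its last character, and the code that follows presumably continues with a file name other than the one configured. Using `>= sizeof(path)` for both the strlen() sum and the snprintf() result rejects it. These lines predate the commit, and the if statement continues past the end of the hunk, so its error branch is not visible here.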