MINOR: ssl/cli: disallow SSL options for directory in 'add ssl crt-list'
authorWilliam Lallemand <wlallemand@haproxy.com>
Tue, 21 Apr 2020 14:54:19 +0000 (16:54 +0200)
committerWilliam Lallemand <wlallemand@haproxy.org>
Tue, 21 Apr 2020 15:23:54 +0000 (17:23 +0200)
Allowing the use of SSL options and filters when adding a file in a
directory is not really consistent with the reload of HAProxy. Disable
the ability to use these options if one tries to use them with a directory.

src/ssl_sock.c

index 376e624115eb85c473b6c35f7e139f30c4d3e6c6..9313f5e2300f47bcd1a09d9385c9e7604bbd85a3 100644 (file)
@@ -11445,6 +11445,12 @@ static int cli_parse_add_crtlist(char **args, char *payload, struct appctx *appc
                goto error;
        }
 
+       /* this is supposed to be a directory (EB_ROOT_UNIQUE), so no ssl_conf are allowed */
+       if ((entry->ssl_conf || entry->filters) && eb_gettag(crtlist->entries.b[EB_RGHT])) {
+               memprintf(&err, "this is a directory, SSL configuration and filters are not allowed");
+               goto error;
+       }
+
        LIST_ADDQ(&crtlist->ord_entries, &entry->by_crtlist);
        entry->crtlist = crtlist;
        LIST_ADDQ(&store->crtlist_entry, &entry->by_ckch_store);
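Review bot: The directory test `eb_gettag(crtlist->entries.b[EB_RGHT])` infers "this crt-list is a directory" from the ebtree root being tagged unique, which is an implementation detail of how the tree was initialised rather than an explicit property of the crt-list. If that initialisation ever changes, the guard would either reject valid per-certificate options on file-backed lists or silently accept options on a directory again, and those would then disappear on reload. I would move the test into a small named predicate, or at least extend the comment to state the reason, e.g. `/* a directory has no per-entry ssl_conf/filters after reload, so options accepted here would silently be lost */`. The error text could also name the rejected crt-list path so an operator can tell which target was refused. The body of cli_parse_add_crtlist starts and ends outside this hunk, so whether the `error` label releases `entry` together with its parsed `ssl_conf` and `filters` cannot be confirmed from here.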