From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Wed, 7 Feb 2024 15:38:40 +0000 (+0100)
Subject: BUG/MINOR: ssl: Duplicate ocsp update mode when dup'ing ckch
X-Git-Tag: v3.0-dev3~37
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1fda0a52029ba5fe5ea4e31da7a71ba94b217170;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: Duplicate ocsp update mode when dup'ing ckch

When calling ckchs_dup (during a "set ssl cert" CLI command), if the
modified store had OCSP auto update enabled then the new certificate
would not keep the previous update mode and would not appear in the auto
update list.

This patch can be backported to 2.8.
---

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 94af3621b0..de37bfb955 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -793,6 +793,8 @@ struct ckch_data *ssl_sock_copy_cert_key_and_chain(struct ckch_data *src,
 
 	dst->ocsp_cid = OCSP_CERTID_dup(src->ocsp_cid);
 
+	dst->ocsp_update_mode = src->ocsp_update_mode;
+
 	return dst;
 
 error: