From: William Lallemand <wlallemand@haproxy.com>
Date: Mon, 4 Nov 2019 13:02:11 +0000 (+0100)
Subject: BUG/MINOR: ssl/cli: fix an error when a file is not found
X-Git-Tag: v2.1-dev5~42
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3246d9466a4accad62ee22e348dda709d65077af;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl/cli: fix an error when a file is not found

When trying to update a certificate <file>.{rsa,ecdsa,dsa}, but this one
does not exist and if <file> was used as a regular file in the
configuration, the error was ambiguous. Correct it so we can return a
certificate not found error.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 7b2f1021cd..88c0a01efd 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -10307,10 +10307,13 @@ static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx,
 					errcode |= ERR_ALERT | ERR_FATAL;
 					goto end;
 				}
-				/* If we want a bundle but this is not a bundle */
-				/* note that it should never happen */
-				if (bundle >= 0 && find_ckchs[i]->multi == 0)
-					goto end;
+				/* If we want a bundle but this is not a bundle
+				 * example: When you try to update <file>.rsa, but
+				 * <file> is a regular file */
+				if (bundle >= 0 && find_ckchs[i]->multi == 0) {
+					find_ckchs[i] = NULL;
+					break;
+				}
 			}
 #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
 			{