From: Remi Tricot-Le Breton Date: Tue, 23 Feb 2021 15:28:43 +0000 (+0100) Subject: MINOR: ssl: Add helper function to add cafile entries X-Git-Tag: v2.5-dev1~276 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=38c999b11c57eb1aa5ad958eb4c8d87b4995da76;p=thirdparty%2Fhaproxy.git MINOR: ssl: Add helper function to add cafile entries Adds a way to insert a new uncommitted cafile_entry in the tree. This entry will be the one fetched by any lookup in the tree unless the oldest cafile_entry is explicitely looked for. This way, until a "commit ssl ca-file" command is completed, there could be two cafile_entries with the same path in the tree, the original one and the newly updated one.
---
diff --git a/include/haproxy/ssl_ckch.h b/include/haproxy/ssl_ckch.h
index dd68662b58..54c3c94a69 100644
--- a/include/haproxy/ssl_ckch.h
+++ b/include/haproxy/ssl_ckch.h
@@ -59,6 +59,7 @@ void ckch_inst_add_cafile_link(struct ckch_inst *ckch_inst, struct bind_conf *bi
 /* ssl_store functions */
 struct cafile_entry *ssl_store_get_cafile_entry(char *path, int oldest_entry);
 X509_STORE* ssl_store_get0_locations_file(char *path);
+int ssl_store_add_uncommitted_cafile_entry(struct cafile_entry *entry);
 struct cafile_entry *ssl_store_create_cafile_entry(char *path, X509_STORE *store);
 void ssl_store_delete_cafile_entry(struct cafile_entry *ca_e);
 int ssl_store_load_ca_from_buf(struct cafile_entry *ca_e, char *cert_buf);
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 10123b4fab..3664ae6241 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -961,6 +961,11 @@ struct cafile_entry *ssl_store_get_cafile_entry(char *path, int oldest_entry)
 return ca_e;
 }
+int ssl_store_add_uncommitted_cafile_entry(struct cafile_entry *entry)
+{
+ return (ebst_insert(&cafile_tree, &entry->node) != &entry->node);
+}
+
 X509_STORE* ssl_store_get0_locations_file(char *path)
 {
 struct cafile_entry *ca_e = ssl_store_get_cafile_entry(path, 0);
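Review bot: `ssl_store_add_uncommitted_cafile_entry()` in src/ssl_ckch.c is added without a comment, so its return convention and its effect on lookups are only recoverable from the commit message; I would add above it `/* Insert <entry> in cafile_tree as an uncommitted entry. Returns 0 on success, 1 if ebst_insert() returned a node other than <entry>. */`. As far as I know ebst_insert() only hands back a different node when the tree rejects duplicate keys, and the description expects two entries with the same path to coexist, so the comment should also say whether the failure path is reachable and who frees `entry` when it is. The trailing context shows `ssl_store_get0_locations_file()` calling `ssl_store_get_cafile_entry(path, 0)`; if that lookup returns the newest entry as the description says, it is worth confirming that no certificate-verification path takes its X509_STORE from a CA file that has not yet been committed. That function's body continues past the end of the hunk.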