git.ipfire.org Git - thirdparty/haproxy.git/commit

author	William Lallemand <wlallemand@haproxy.org>
	Fri, 29 Jul 2022 15:50:58 +0000 (17:50 +0200)
committer	William Lallemand <wlallemand@haproxy.org>
	Fri, 19 Aug 2022 17:58:53 +0000 (19:58 +0200)
commit	62c0b99e3bda3b9c8a7db0f25e6518c0fb79a52b
tree	2fc41fea6efbbd009c5ccf651e8086dabf5b64e8	tree \| snapshot
parent	d4774d3cfa550b27ac6e001771e4457c7e35968a	commit \| diff

MINOR: ssl/cli: implement "add ssl ca-file"

In ticket #1805 an user is impacted by the limitation of size of the CLI
buffer when updating a ca-file.

This patch allows a user to append new certificates to a ca-file instead
of trying to put them all with "set ssl ca-file"

The implementation use a new function ssl_store_dup_cafile_entry() which
duplicates a cafile_entry and its X509_STORE.

ssl_store_load_ca_from_buf() was modified to take an apped parameter so
we could share the function for "set" and "add".

doc/management.txt		diff \| blob \| blame \| history
include/haproxy/ssl_ckch.h		diff \| blob \| blame \| history
reg-tests/ssl/new_del_ssl_cafile.vtc		diff \| blob \| blame \| history
reg-tests/ssl/set_ssl_cafile.vtc		diff \| blob \| blame \| history
src/ssl_ckch.c		diff \| blob \| blame \| history