git.ipfire.org Git - thirdparty/haproxy.git/commit

]> git.ipfire.org Git - thirdparty/haproxy.git/commit

projects / thirdparty / haproxy.git / commit

author	Frédéric Lécaille <flecaille@haproxy.com>
	Tue, 5 Dec 2023 14:38:29 +0000 (15:38 +0100)
committer	William Lallemand <wlallemand@haproxy.com>
	Wed, 6 Dec 2023 15:12:08 +0000 (16:12 +0100)
commit	75f5977ff4ccf205ee386e4f4b0c384fb6a110d5
tree	9a6d2a9bda02ed19fb71a46db985da4e824c770d	tree \| snapshot
parent	456ba6e95f094c084c2513a594e59670b5eac2d5	commit \| diff

BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate

This bug could be reproduced with the "set ssl cert" CLI command to update
a certificate. The OCSP CID is duplicated by ckchs_dup() which calls
ssl_sock_copy_cert_key_and_chain(). It should be computed again by
ssl_sock_load_ocsp(). This may be accomplished resetting the new ckch OCSP CID
returned by ckchs_dup().

This bug may be in relation with GH #2319.

Must be backported to 2.8.

src/ssl_ckch.c

diff | blob | blame | history

Mirror of https://github.com/haproxy/haproxy.git

RSS Atom