]> git.ipfire.org Git - thirdparty/haproxy.git/commit
BUG/MINOR: ssl: SSL_CERT_DIR environment variable doesn't affect haproxy 20260210-default-ca flx04/20260210-default-ca
authorWilliam Lallemand <wlallemand@haproxy.com>
Tue, 10 Feb 2026 20:31:07 +0000 (21:31 +0100)
committerWilliam Lallemand <wlallemand@haproxy.com>
Tue, 10 Feb 2026 20:34:45 +0000 (21:34 +0100)
commitea92b0ef01899ba5e515c3a0f3f10b2827b39893
tree2c4ef7d3a05962f63e3c46c6aa72e9c203e05d0f
parent2ac0d127903baab68f3e9c65df5ca92708b058ec
BUG/MINOR: ssl: SSL_CERT_DIR environment variable doesn't affect haproxy

The documentation of @system-ca specifies that one can overwrite the
value provided by the SSL Library using SSL_CERT_DIR.

However it seems like X509_get_default_cert_dir() is not affected by
this environment variable, and X509_get_default_cert_dir_env() need to
be used in order to get the variable name, and get the value manually.

This could be backported in every stable branches. Note that older
branches don't have the memprintf in ssl_sock.c.
include/haproxy/ssl_ckch.h
src/ssl_ckch.c
src/ssl_sock.c