BUG/MINOR: ssl: error with ssl-f-use when no "crt"

ssl-f-use lines tries to load a crt file, but the "crt" keyword is not
mandatory. That could lead to crtlist_load_crt() being called with a
NULL path, and trying to do a stat.

In this particular case we don't need to try anything and it's better to
leave with an actual error.

Must be backported as far as 3.2.

diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index baa074cece78c00d14d32d56474dae3c43d667f2..7319b130739fecbaefb1e2c87ce6b6c71f62c2a9 100644 (file)
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -515,6 +515,13 @@ int crtlist_load_crt(char *crt_path, struct ckch_conf *cc, struct crtlist *newli
        struct stat st;
        int cfgerr = 0;
 
+       if (!crt_path) {
+               memprintf(err, "%sTrying to load a certificate but no 'crt' keyword specified.\n",
+                        err && *err ? *err : "");
+               cfgerr |= ERR_ALERT | ERR_FATAL;
+               goto error;
+       }
+
        /* Look for a ckch_store or create one */
        ckchs = ckchs_lookup(crt_path);
        if (ckchs == NULL) {