MINOR: ssl: Added multi cert support for crt-list config keyword

Added support for loading mutiple certs into shared contexts when they
are specified in a crt-list

Note that it's not practical to support SNI filters with multicerts, so
any SNI filters that's provided to the crt-list is ignored if a
multi-cert opertion is used.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 5226a496258e1e1fa5f7da7c9a6b0501e99169bd..d058e4f97a8ea96913ebe03337e2919f444cadd3 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2283,6 +2283,7 @@ int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct
 {
        char thisline[LINESIZE];
        FILE *f;
+       struct stat buf;
        int linenum = 0;
        int cfgerr = 0;
 
@@ -2341,7 +2342,12 @@ int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct
                if (!arg)
                        continue;
 
-               cfgerr = ssl_sock_load_cert_file(args[0], bind_conf, curproxy, &args[1], arg-1, err);
+               if (stat(args[0], &buf) == 0) {
+                       cfgerr = ssl_sock_load_cert_file(args[0], bind_conf, curproxy, &args[1], arg-1, err);
+               } else {
+                       cfgerr = ssl_sock_load_multi_cert(args[0], bind_conf, curproxy, NULL, err);
+               }
+
                if (cfgerr) {
                        memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
                        break;