MINOR: ssl/cli: improve error for bundle in add/del ssl crt-list

Bundles are deprecated and can't be used with the crt-list command of
the CLI, improve the error output when trying to use them so the users
can disable them.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e9166053ff7e264bf3496a48b75d6df1e185def6..f359e720ef5c222fc9e8d011051131dffd2e5174 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -11455,6 +11455,10 @@ static int cli_parse_add_crtlist(char **args, char *payload, struct appctx *appc
                memprintf(&err, "certificate '%s' does not exist!", cert_path);
                goto error;
        }
+       if (store->multi) {
+               memprintf(&err, "certificate '%s' is a bundle. You can disable the bundle merging with the directive 'ssl-load-extra-files' in the global section.", cert_path);
+               goto error;
+       }
        if (store->ckch == NULL || store->ckch->cert == NULL) {
                memprintf(&err, "certificate '%s' is empty!", cert_path);
                goto error;
@@ -11543,6 +11547,10 @@ static int cli_parse_del_crtlist(char **args, char *payload, struct appctx *appc
                memprintf(&err, "certificate '%s' does not exist!", cert_path);
                goto error;
        }
+       if (store->multi) {
+               memprintf(&err, "certificate '%s' is a bundle. You can disable the bundle merging with the directive 'ssl-load-extra-files' in the global section.", cert_path);
+               goto error;
+       }
        if (store->ckch == NULL || store->ckch->cert == NULL) {
                memprintf(&err, "certificate '%s' is empty!", cert_path);
                goto error;