MINOR: ssl: Add reference to default ckch instance in bind_conf
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>
Tue, 13 Apr 2021 14:07:29 +0000 (16:07 +0200)
committerWilliam Lallemand <wlallemand@haproxy.org>
Mon, 17 May 2021 08:50:24 +0000 (10:50 +0200)
In order for the link between the cafile_entry and the default ckch
instance to be built, we need to give a pointer to the instance during
the ssl_sock_prepare_ctx call.

include/haproxy/listener-t.h
src/ssl_sock.c

index b9c12908514690315ae2bd76a900e65f86264bc9..959f3e83e05d0a37928dc5db0b91f99724620bee 100644 (file)
@@ -164,6 +164,7 @@ struct bind_conf {
        unsigned long long crt_ignerr; /* ignored verify errors in handshake if depth == 0 */
        SSL_CTX *initial_ctx;      /* SSL context for initial negotiation */
        SSL_CTX *default_ctx;      /* SSL context of first/default certificate */
+       struct ckch_inst *default_inst;
        struct ssl_bind_conf *default_ssl_conf; /* custom SSL conf of default_ctx */
        int strict_sni;            /* refuse negotiation if sni doesn't match a certificate */
        int ssl_options;           /* ssl options */
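Review bot: The added `default_inst` member is the only field in this stretch of `struct bind_conf` without a trailing comment, so a reader cannot tell how it relates to `default_ctx` or whether bind_conf owns the instance. From the matching assignments in src/ssl_sock.c it is the instance whose `ctx` was stored in `default_ctx`, and the teardown path only NULLs it while freeing `default_ctx`, so it is held as a non-owning pointer; that contract belongs on the declaration. Suggest `struct ckch_inst *default_inst; /* ckch instance whose ctx is default_ctx; not owned by bind_conf */`. The struct definition continues outside the shown lines.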
index 8f9f535401327ce165748da6ce99cccc2008f799..c7e1005d5fa30a19ac008fb9bcb8bb342a1514bc 100644 (file)
@@ -2933,6 +2933,7 @@ void ssl_sock_load_cert_sni(struct ckch_inst *ckch_inst, struct bind_conf *bind_
                SSL_CTX_free(bind_conf->default_ctx);
                SSL_CTX_up_ref(ckch_inst->ctx);
                bind_conf->default_ctx = ckch_inst->ctx;
+               bind_conf->default_inst = ckch_inst;
        }
 }
 
@@ -3368,6 +3369,7 @@ int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs, struct
                bind_conf->default_ssl_conf = ssl_conf;
                ckch_inst->is_default = 1;
                SSL_CTX_up_ref(ctx);
+               bind_conf->default_inst = ckch_inst;
        }
 
        /* Always keep a reference to the newly constructed SSL_CTX in the
@@ -4903,7 +4905,7 @@ int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
                errcode |= ssl_sock_prep_ctx_and_inst(bind_conf, NULL, bind_conf->initial_ctx, NULL, &errmsg);
        }
        if (bind_conf->default_ctx) {
-               errcode |= ssl_sock_prep_ctx_and_inst(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx, NULL, &errmsg);
+               errcode |= ssl_sock_prep_ctx_and_inst(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx, bind_conf->default_inst, &errmsg);
        }
 
        node = ebmb_first(&bind_conf->sni_ctx);
@@ -5054,6 +5056,7 @@ void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
        bind_conf->initial_ctx = NULL;
        SSL_CTX_free(bind_conf->default_ctx);
        bind_conf->default_ctx = NULL;
+       bind_conf->default_inst = NULL;
        bind_conf->default_ssl_conf = NULL;
 }
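Review bot: `bind_conf->default_inst` is stored as a plain borrowed pointer in `ssl_sock_load_cert_sni` and `ckch_inst_new_load_store`, and the only reset shown is in `ssl_sock_free_all_ctx`, which is tied to the lifetime of `default_ctx` rather than to the instance itself. If a `ckch_inst` can be released independently of the bind_conf teardown (the instance free path is not on this page, so this is inferred), the stale pointer would later be passed to `ssl_sock_prep_ctx_and_inst` from `ssl_sock_prepare_all_ctx`. The instance release path should clear the back-reference when it matches, e.g. `if (bind_conf->default_inst == ckch_inst) bind_conf->default_inst = NULL;`, or the non-owning contract should be stated where the field is declared. All four hunks cut into functions whose bodies continue outside the shown lines.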