If a directory name is used instead of a PEM file, then all files found in
that directory will be loaded in alphabetic order unless their name ends
- with '.key', '.issuer', '.ocsp' or '.sctl' (reserved extensions). This
- directive may be specified multiple times in order to load certificates from
- multiple files or directories. The certificates will be presented to clients
- who provide a valid TLS Server Name Indication field matching one of their
- CN or alt subjects. Wildcards are supported, where a wildcard character '*'
- is used instead of the first hostname component (e.g. *.example.org matches
- www.example.org but not www.sub.example.org).
+ with '.key', '.issuer', '.ocsp' or '.sctl' (reserved extensions). Files
+ starting with a dot are also ignored. This directive may be specified multiple
+ times in order to load certificates from multiple files or directories. The
+ certificates will be presented to clients who provide a valid TLS Server Name
+ Indication field matching one of their CN or alt subjects. Wildcards are
+ supported, where a wildcard character '*' is used instead of the first
+ hostname component (e.g. *.example.org matches www.example.org but not
+ www.sub.example.org).
If no SNI is provided by the client or if the SSL library does not support
TLS extensions, or if the client provides an SNI hostname which does not
struct dirent *de = de_list[i];
end = strrchr(de->d_name, '.');
- if (end && (strcmp(end, ".issuer") == 0 || strcmp(end, ".ocsp") == 0 || strcmp(end, ".sctl") == 0 || strcmp(end, ".key") == 0))
+ if (end && (de->d_name[0] == '.' ||
+ strcmp(end, ".issuer") == 0 || strcmp(end, ".ocsp") == 0 ||
+ strcmp(end, ".sctl") == 0 || strcmp(end, ".key") == 0))
goto ignore_entry;
snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
projects / thirdparty / haproxy.git / commitdiff
