BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in crt-list
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>
Tue, 14 Mar 2023 16:22:24 +0000 (17:22 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Fri, 31 Mar 2023 07:11:51 +0000 (09:11 +0200)
If a bundle is used in a crt-list, the ssl-min-ver and ssl-max-ver
options were not taken into account in entries other than the first one
because the corresponding fields in the ssl_bind_conf structure were not
copied in crtlist_dup_ssl_conf.

This should fix GitHub issue #2069.
This patch should be backported up to 2.4.

src/ssl_crtlist.c

index 5d1f5f3ecb24069bc8561ba365d9fa1683c632e8..c31714d4e22ed9d368d6ad4f0122c79f5079d82b 100644 (file)
@@ -142,6 +142,15 @@ struct ssl_bind_conf *crtlist_dup_ssl_conf(struct ssl_bind_conf *src)
                if (!dst->ecdhe)
                        goto error;
        }
+
+       dst->ssl_methods_cfg.flags = src->ssl_methods_cfg.flags;
+       dst->ssl_methods_cfg.min = src->ssl_methods_cfg.min;
+       dst->ssl_methods_cfg.max = src->ssl_methods_cfg.max;
+
+       dst->ssl_methods.flags = src->ssl_methods.flags;
+       dst->ssl_methods.min = src->ssl_methods.min;
+       dst->ssl_methods.max = src->ssl_methods.max;
+
        return dst;
 
 error:
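Review bot: The six member-by-member assignments added before `return dst;` keep the copy pattern that caused this bug, so a member later added to either version-filter struct would again be left unset in the duplicated conf, and an unset `min` means the configured protocol floor is not applied to those bundle entries. Whole-struct assignment avoids this: `dst->ssl_methods_cfg = src->ssl_methods_cfg;` and `dst->ssl_methods = src->ssl_methods;`, assuming both members are plain value structs with no owned pointers (only `flags`, `min` and `max` are visible here). A comment above them such as `/* every field of struct ssl_bind_conf must be duplicated here */` would help, and a regression test that checks ssl-min-ver on a non-first bundle entry would catch a repeat. The body of crtlist_dup_ssl_conf starts and ends outside the hunk.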