MINOR: ssl: store the filenames resulting from a lookup in ckch_conf

With this patch, files resulting from a lookup (*.key, *.ocsp,
*.issuer etc) are now stored in the ckch_conf.

It allows to see the original filename from where it was loaded in "show
ssl cert <filename>"

diff --git a/include/haproxy/ssl_ckch.h b/include/haproxy/ssl_ckch.h
index e6356637f86e0de49ede77695260f6d97d2add38..8071f132e024fd3825dcfbc01f9a0fd9c8ccb6d5 100644 (file)
--- a/include/haproxy/ssl_ckch.h
+++ b/include/haproxy/ssl_ckch.h
@@ -27,7 +27,7 @@
 
 /* cert_key_and_chain functions */
 
-int ssl_sock_load_files_into_ckch(const char *path, struct ckch_data *data, char **err);
+int ssl_sock_load_files_into_ckch(const char *path, struct ckch_data *data, struct ckch_conf *conf, char **err);
 int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct ckch_data *datackch , char **err);
 void ssl_sock_free_cert_key_and_chain_contents(struct ckch_data *data);
 

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index b82e9ad1a5a86bc1faefd32c63bab37e52846816..0cbc984dc581637a4e18a66d815c69a33fd0f1e8 100644 (file)
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -351,7 +351,7 @@ end:
  *      0 on Success
  *      1 on SSL Failure
  */
-int ssl_sock_load_files_into_ckch(const char *path, struct ckch_data *data, char **err)
+int ssl_sock_load_files_into_ckch(const char *path, struct ckch_data *data, struct ckch_conf *conf, char **err)
 {
        struct buffer *fp = NULL;
        int ret = 1;
@@ -362,6 +362,20 @@ int ssl_sock_load_files_into_ckch(const char *path, struct ckch_data *data, char
                goto end;
        }
 
+       if (conf) {
+               conf->crt = strdup(path);
+               if (!conf->crt) {
+                       memprintf(err, "%s out of memory.\n", err && *err ? *err : "");
+                       goto end;
+               }
+               conf->key = strdup(path);
+               if (!conf->key) {
+                       memprintf(err, "%s out of memory.\n", err && *err ? *err : "");
+                       goto end;
+               }
+       }
+
+
        fp = alloc_trash_chunk();
        if (!fp) {
                memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
@@ -419,6 +433,14 @@ int ssl_sock_load_files_into_ckch(const char *path, struct ckch_data *data, char
                        memprintf(err, "%sNo Private Key found in '%s'.\n", err && *err ? *err : "", fp->area);
                        goto end;
                }
+               if (conf) {
+                       free(conf->key);
+                       conf->key = strdup(fp->area);
+                       if (!conf->key) {
+                               memprintf(err, "%s out of memory.\n", err && *err ? *err : "");
+                               goto end;
+                       }
+               }
                /* remove the added extension */
                *(fp->area + fp->data - strlen(".key")) = '\0';
                b_sub(fp, strlen(".key"));
@@ -451,6 +473,14 @@ int ssl_sock_load_files_into_ckch(const char *path, struct ckch_data *data, char
                                goto end;
                        }
                }
+               if (conf) {
+                       conf->sctl = strdup(fp->area);
+                       if (!conf->sctl) {
+                               memprintf(err, "%s out of memory.\n", err && *err ? *err : "");
+                               goto end;
+                       }
+               }
+
                /* remove the added extension */
                *(fp->area + fp->data - strlen(".sctl")) = '\0';
                b_sub(fp, strlen(".sctl"));
@@ -475,6 +505,14 @@ int ssl_sock_load_files_into_ckch(const char *path, struct ckch_data *data, char
                                goto end;
                        }
                }
+               if (conf) {
+                       conf->ocsp = strdup(fp->area);
+                       if (!conf->ocsp) {
+                               memprintf(err, "%s out of memory.\n", err && *err ? *err : "");
+                               goto end;
+                       }
+               }
+
                /* remove the added extension */
                *(fp->area + fp->data - strlen(".ocsp")) = '\0';
                b_sub(fp, strlen(".ocsp"));
@@ -505,6 +543,14 @@ int ssl_sock_load_files_into_ckch(const char *path, struct ckch_data *data, char
                                        goto end;
                                }
                        }
+                       if (conf) {
+                               conf->issuer = strdup(fp->area);
+                               if (!conf->issuer) {
+                                       memprintf(err, "%s out of memory.\n", err && *err ? *err : "");
+                                       goto end;
+                               }
+                       }
+
                        /* remove the added extension */
                        *(fp->area + fp->data - strlen(".issuer")) = '\0';
                        b_sub(fp, strlen(".issuer"));
@@ -1029,7 +1075,7 @@ struct ckch_store *ckch_store_new_load_files_path(char *path, char **err)
                goto end;
        }
 
-       if (ssl_sock_load_files_into_ckch(path, ckchs->data, err) == 1)
+       if (ssl_sock_load_files_into_ckch(path, ckchs->data, &ckchs->conf, err) == 1)
                goto end;
 
        ckchs->conf.used = CKCH_CONF_SET_EMPTY;
@@ -1066,7 +1112,7 @@ struct ckch_store *ckch_store_new_load_files_conf(char *name, struct ckch_conf *
         * auto-detecting them. */
        if ((conf->used == CKCH_CONF_SET_EMPTY || conf->used == CKCH_CONF_SET_CRTLIST) &&
                (!conf->key && !conf->ocsp && !conf->issuer && !conf->sctl)) {
-               cfgerr = ssl_sock_load_files_into_ckch(conf->crt, ckchs->data, err);
+               cfgerr = ssl_sock_load_files_into_ckch(conf->crt, ckchs->data, &ckchs->conf, err);
                if (cfgerr & ERR_FATAL)
                        goto end;
                /* set conf->crt to NULL so it's not erased */

diff --git a/src/ssl_gencert.c b/src/ssl_gencert.c
index fb92460ffc899a39ce934b4923dd924ff39685c4..9ab5f3371d5cbc793f64849336e5a7226962074f 100644 (file)
--- a/src/ssl_gencert.c
+++ b/src/ssl_gencert.c
@@ -415,7 +415,7 @@ ssl_sock_gencert_load_ca(struct bind_conf *bind_conf)
        }
 
        /* Try to parse file */
-       if (ssl_sock_load_files_into_ckch(bind_conf->ca_sign_file, data, &err)) {
+       if (ssl_sock_load_files_into_ckch(bind_conf->ca_sign_file, data, NULL, &err)) {
                ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d]. Chain loading failed: %s\n",
                        px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line, err);
                free(err);