MINOR: ssl/cli: update pointer to store in 'commit ssl cert'
authorWilliam Lallemand <wlallemand@haproxy.com>
Mon, 30 Mar 2020 17:29:45 +0000 (19:29 +0200)
committerWilliam Lallemand <wlallemand@haproxy.org>
Tue, 31 Mar 2020 10:32:17 +0000 (12:32 +0200)
The crtlist_entry structure uses a pointer to the store as its key.
That's a problem with the dynamic update of a certificate over the CLI,
because it allocates a new ckch_store. So updating the pointers is
needed. To achieve that, a linked list of the crtlist_entry was added in
the ckch_store, so it's easy to iterate on this list to update the
pointers. Another solution would have been to rework the system so we
don't allocate a new ckch_store, but it requires a rework of the ckch
code.

src/ssl_sock.c

index d6f8e677257259005977e3bcd503748761e8e5b1..b842d3039ffd4c40b7b12a39d4bee8d59884462a 100644 (file)
@@ -11489,6 +11489,7 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
        struct ckch_inst *ckchi, *ckchis;
        struct buffer *trash = alloc_trash_chunk();
        struct sni_ctx *sc0, *sc0s;
+       struct crtlist_entry *entry;
 
        if (trash == NULL)
                goto error;
@@ -11589,6 +11590,15 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
                                if (!new_ckchs)
                                        continue;
 
+                               /* get the list of crtlist_entry in the old store, and update the pointers to the store */
+                               LIST_SPLICE(&new_ckchs->crtlist_entry, &old_ckchs->crtlist_entry);
+                               list_for_each_entry(entry, &new_ckchs->crtlist_entry, by_ckch_store) {
+                                       ebpt_delete(&entry->node);
+                                       /* change the ptr and reinsert the node */
+                                       entry->node.key = new_ckchs;
+                                       ebpt_insert(&entry->crtlist->entries, &entry->node);
+                               }
+
                                /* First, we insert every new SNIs in the trees, also replace the default_ctx */
                                list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
                                        HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
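Review bot: After `LIST_SPLICE(&new_ckchs->crtlist_entry, &old_ckchs->crtlist_entry);` the old store's list head may still point at entries that now belong to the new store, since nothing in this hunk resets it and whether the macro re-initialises its source is not visible here. If the old store is later released by code that walks `old_ckchs->crtlist_entry`, it would touch entries it no longer owns, so I would add `LIST_INIT(&old_ckchs->crtlist_entry);` right after the splice. Separately, the `ebpt_delete()`/`ebpt_insert()` pair rewrites `entry->crtlist->entries` with no lock taken in this hunk, while the SNI loop just below takes `SNI_LOCK`. A short comment stating what protects the crtlist tree at this point (for example `/* crtlist trees are only touched from the CLI, no lock needed */`, if that is indeed the case) would help the next reader. The body of cli_io_handler_commit_cert starts and ends outside this hunk, so the teardown of the old store could not be checked from here.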