char *verify_host; /* hostname of certificate must match this host */
char *ca_file; /* CAfile to use on verify */
char *crl_file; /* CRLfile to use on verify */
- char *client_crt; /* client certificate to send */
struct sample_expr *sni; /* sample expression for SNI */
#ifdef OPENSSL_NPN_NEGOTIATED
char *npn_str; /* NPN protocol string */
/* parse the "crt" server keyword */
static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
{
+ int retval = -1;
+ char *path = NULL;
+
if (!*args[*cur_arg + 1]) {
memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
return ERR_ALERT | ERR_FATAL;
}
if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
- memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
+ memprintf(&path, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
else
- memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
+ memprintf(&path, "%s", args[*cur_arg + 1]);
+
+ if (path) {
+ retval = ssl_sock_load_srv_cert(path, newsrv, err);
+ free(path);
+ }
- return ssl_sock_load_srv_cert(newsrv->ssl_ctx.client_crt, newsrv, err);
+ return retval;
}
/* parse the "no-check-ssl" server keyword */
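Review bot: If `memprintf(&path, ...)` leaves `path` NULL (presumably on allocation failure, which is what the new `if (path)` guard implies), srv_parse_crt returns the initial `-1` and never fills `*err`. The missing-argument branch just above returns `ERR_ALERT | ERR_FATAL` with a message, so this failure path is inconsistent with it. The caller is not visible here, but if it treats the result as an ERR_* mask, a bare -1 sets every bit. I would initialise with `int retval = ERR_ALERT | ERR_FATAL;` and add `else memprintf(err, "'%s' : out of memory", args[*cur_arg]);` after the `if (path)` block. That way a server whose client certificate could not be loaded is rejected with a stated reason.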
srv->ssl_ctx.ca_file = strdup(src->ssl_ctx.ca_file);
if (src->ssl_ctx.crl_file != NULL)
srv->ssl_ctx.crl_file = strdup(src->ssl_ctx.crl_file);
- if (src->ssl_ctx.client_crt != NULL)
- srv->ssl_ctx.client_crt = strdup(src->ssl_ctx.client_crt);
srv->ssl_ctx.verify = src->ssl_ctx.verify;