From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Tue, 14 Mar 2023 16:22:24 +0000 (+0100)
Subject: BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in crt-list
X-Git-Tag: v2.8-dev7~133
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6549f53fb60f5870c447447105a26af67a1cc996;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in crt-list

If a bundle is used in a crt-list, the ssl-min-ver and ssl-max-ver
options were not taken into account in entries other than the first one
because the corresponding fields in the ssl_bind_conf structure were not
copied in crtlist_dup_ssl_conf.

This should fix GitHub issue #2069.
This patch should be backported up to 2.4.
---

diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index 5d1f5f3ecb..c31714d4e2 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -142,6 +142,15 @@ struct ssl_bind_conf *crtlist_dup_ssl_conf(struct ssl_bind_conf *src)
 		if (!dst->ecdhe)
 			goto error;
 	}
+
+	dst->ssl_methods_cfg.flags = src->ssl_methods_cfg.flags;
+	dst->ssl_methods_cfg.min = src->ssl_methods_cfg.min;
+	dst->ssl_methods_cfg.max = src->ssl_methods_cfg.max;
+
+	dst->ssl_methods.flags = src->ssl_methods.flags;
+	dst->ssl_methods.min = src->ssl_methods.min;
+	dst->ssl_methods.max = src->ssl_methods.max;
+
 	return dst;
 
 error: