From: William Lallemand <wlallemand@haproxy.com>
Date: Tue, 15 Oct 2019 08:05:37 +0000 (+0200)
Subject: BUG/MINOR: ssl: fix error messages for OCSP loading
X-Git-Tag: v2.1-dev3~69
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=786188f6bfcc6f8ed2a4fe73b543f572ed2a00a9;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: fix error messages for OCSP loading

The error messages for OCSP in ssl_sock_load_crt_file_into_ckch() add a
double extension to the filename, that can be confusing. The messages
reference a .issuer.issuer file.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index ef91821543..1a48e2a392 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3007,7 +3007,7 @@ static int ssl_sock_load_crt_file_into_ckch(const char *path, BIO *buf, struct c
 			snprintf(fp, MAXPATHLEN+1, "%s.issuer", path);
 			if (stat(fp, &st) == 0) {
 				if (BIO_read_filename(in, fp) <= 0) {
-					memprintf(err, "%s '%s.issuer' is present but cannot be read or parsed'.\n",
+					memprintf(err, "%s '%s' is present but cannot be read or parsed'.\n",
 						  *err ? *err : "", fp);
 					ret = 1;
 					goto end;
@@ -3015,14 +3015,14 @@ static int ssl_sock_load_crt_file_into_ckch(const char *path, BIO *buf, struct c
 
 				issuer = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
 				if (!issuer) {
-					memprintf(err, "%s '%s.issuer' is present but cannot be read or parsed'.\n",
+					memprintf(err, "%s '%s' is present but cannot be read or parsed'.\n",
 						  *err ? *err : "", fp);
 					ret = 1;
 					goto end;
 				}
 
 				if (X509_check_issued(ckch->ocsp_issuer, ckch->cert) != X509_V_OK) {
-					memprintf(err, "%s '%s.issuer' is not an issuer'.\n",
+					memprintf(err, "%s '%s' is not an issuer'.\n",
 						  *err ? *err : "", fp);
 					ret = 1;
 					goto end;