From: William Lallemand <wlallemand@haproxy.com>
Date: Fri, 11 Apr 2025 21:52:07 +0000 (+0200)
Subject: MINOR: acme: copy the original ckch_store
X-Git-Tag: v3.2-dev11~82
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9505b5bdf0d9ee7c1955550b738b80ec006c2994;p=thirdparty%2Fhaproxy.git

MINOR: acme: copy the original ckch_store

Copy the original ckch_store instead of creating a new one. This allows
to inherit the ckch_conf from the previous structure when doing a
ckchs_dup(). The ckch_conf contains the SAN for ACME.

Free the previous PKEY since it a new one is generated.
---

diff --git a/src/acme.c b/src/acme.c
index 5e1ea927c..5519ae25e 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -1723,7 +1723,7 @@ static int cli_acme_renew_parse(char **args, char *payload, struct appctx *appct
 		goto err;
 	}
 
-	newstore = ckch_store_new(store->path);
+	newstore = ckchs_dup(store);
 	if (!newstore) {
 		memprintf(&err, "Out of memory.\n");
 		goto err;
@@ -1769,6 +1769,7 @@ static int cli_acme_renew_parse(char **args, char *payload, struct appctx *appct
 
 	EVP_PKEY_CTX_free(pkey_ctx);
 
+	EVP_PKEY_free(newstore->data->key);
 	newstore->data->key = pkey;
 
 	ctx->req = acme_x509_req(pkey, store->conf.acme.domains);
@@ -1777,8 +1778,6 @@ static int cli_acme_renew_parse(char **args, char *payload, struct appctx *appct
 		goto err;
 	}
 
-	/* XXX: must implement a real copy */
-	newstore->conf = store->conf;
 
 	ctx->store = newstore;
 	ctx->cfg = cfg;