]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2bdf5a7)
BUG/MINOR: acme: can't override the default resolver
authorWilliam Lallemand <wlallemand@haproxy.com>
Thu, 13 Nov 2025 16:17:11 +0000 (17:17 +0100)
committerWilliam Lallemand <wlallemand@haproxy.com>
Thu, 13 Nov 2025 16:17:11 +0000 (17:17 +0100)
httpclient_acme_init() was called in cfg_parse_acme() which is at
section parsing. httpclient_acme_init() also calls
httpclient_create_proxy() which could create a "default" resolvers
section if it doesn't exists.

If one tries to override the default resolvers section after an ACME
section, the resolvers section parsing will fail because the section was
already created by httpclient_create_proxy().

This patch fixes the issue by moving the initialization of the ACME
proxy to a pre_check callback, which is called just before
check_config_validity().

Must be backported in 3.2.

src/acme.c patch | blob | blame | history

diff --git a/src/acme.c b/src/acme.c
index 5d2c4a77893df79174accd5f05af170c2723f392..9d73f311cdaaaffc0feaff515ea85cef9474c938 100644 (file)
--- a/src/acme.c
+++ b/src/acme.c
@@ -282,14 +282,6 @@ static int cfg_parse_acme(const char *file, int linenum, char **args, int kwm)
                        goto out;
                }
 
-               if (httpclient_acme_px == NULL) {
-                       if (httpclient_acme_init() & ERR_FATAL) {
-                               err_code |= ERR_ALERT | ERR_FATAL;
-                               ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum);
-                               goto out;
-                       }
-               }
-
                cur_acme = new_acme_cfg(args[1]);
                if (!cur_acme) {
                        err_code |= ERR_ALERT | ERR_FATAL;
@@ -754,6 +746,21 @@ out:
        return err_code;
 }
 
+/* initialize the httpclient just before check_config_validity() because it could create a defaults resolver if it
+ * doesn't exist. */
+static int cfg_precheck_acme()
+{
+       if (acme_cfgs) {
+               if (httpclient_acme_init() & ERR_FATAL) {
+                       ha_alert("couldn't initialize the httpclient for ACME.\n");
+                       return ERR_ABORT;
+
+               }
+       }
+       return ERR_NONE;
+}
+REGISTER_PRE_CHECK(cfg_precheck_acme);
+
 /* postparser function checks if the ACME section was declared */
 static int cfg_postparser_acme()
 {
Mirror of https://github.com/haproxy/haproxy.git