From: William Lallemand <wlallemand@haproxy.com>
Date: Thu, 6 Nov 2025 13:11:43 +0000 (+0100)
Subject: BUG/MINOR: acme: allow 'key' when generating cert
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=094baa1cc003623839b660d87cfdded593902253;p=thirdparty%2Fhaproxy.git

BUG/MINOR: acme: allow 'key' when generating cert

Allow to use the 'key' keyword when 'crt' was generated with both a crt
and a key.

No backport needed.
---

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 57d456834..8ff6847c0 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -4779,9 +4779,9 @@ static int ckch_conf_load_key_or_generate(void *value, char *buf, struct ckch_st
 	errno = 0;
 	/* if ACME is enabled and the file does not exists, and no key was previously loaded generate the key */
 	if (s->conf.acme.id &&
-	    (stat(path, &sb) == -1 && errno == ENOENT) &&
-	    (!s->data->key)) {
-		s->data->key = acme_gen_tmp_pkey();
+	    (stat(path, &sb) == -1 && errno == ENOENT)) {
+		if (!s->data->key)
+			s->data->key = acme_gen_tmp_pkey();
 	} else
 #endif
 	{