mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-29 08:02:08 +00:00
MINOR: ssl: load sctl from buf OR from a file
The ssl_sock_load_sctl_from_file() function was modified to fill directly a struct cert_key_and_chain. The function prototype was normalized in order to be used with the CLI payload parser. This function either read text from a buffer or read a file on the filesystem. It fills the ocsp_response buffer of the struct cert_key_and_chain.
This commit is contained in:
parent
3b5f360744
commit
0dfae6c315
@ -1386,44 +1386,57 @@ out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int ssl_sock_load_sctl_from_file(const char *sctl_path,
|
||||
struct buffer **sctl)
|
||||
/* Try to load a sctl from a buffer <buf> if not NULL, or read the file <sctl_path>
|
||||
* It fills the ckch->sctl buffer
|
||||
* return 0 on success or != 0 on failure */
|
||||
static int ssl_sock_load_sctl_from_file(const char *sctl_path, char *buf, struct cert_key_and_chain *ckch, char **err)
|
||||
{
|
||||
int fd = -1;
|
||||
int r = 0;
|
||||
int ret = 1;
|
||||
struct buffer tmp;
|
||||
struct buffer *src;
|
||||
struct buffer *sctl;
|
||||
|
||||
*sctl = NULL;
|
||||
|
||||
fd = open(sctl_path, O_RDONLY);
|
||||
if (fd == -1)
|
||||
goto end;
|
||||
|
||||
trash.data = 0;
|
||||
while (trash.data < trash.size) {
|
||||
r = read(fd, trash.area + trash.data, trash.size - trash.data);
|
||||
if (r < 0) {
|
||||
if (errno == EINTR)
|
||||
continue;
|
||||
|
||||
if (buf) {
|
||||
tmp.area = buf;
|
||||
tmp.data = strlen(buf);
|
||||
tmp.size = tmp.data + 1;
|
||||
src = &tmp;
|
||||
} else {
|
||||
fd = open(sctl_path, O_RDONLY);
|
||||
if (fd == -1)
|
||||
goto end;
|
||||
|
||||
trash.data = 0;
|
||||
while (trash.data < trash.size) {
|
||||
r = read(fd, trash.area + trash.data, trash.size - trash.data);
|
||||
if (r < 0) {
|
||||
if (errno == EINTR)
|
||||
continue;
|
||||
goto end;
|
||||
}
|
||||
else if (r == 0) {
|
||||
break;
|
||||
}
|
||||
trash.data += r;
|
||||
}
|
||||
else if (r == 0) {
|
||||
break;
|
||||
}
|
||||
trash.data += r;
|
||||
src = &trash;
|
||||
}
|
||||
|
||||
ret = ssl_sock_parse_sctl(&trash);
|
||||
ret = ssl_sock_parse_sctl(src);
|
||||
if (ret)
|
||||
goto end;
|
||||
|
||||
*sctl = calloc(1, sizeof(**sctl));
|
||||
if (!chunk_dup(*sctl, &trash)) {
|
||||
free(*sctl);
|
||||
*sctl = NULL;
|
||||
sctl = calloc(1, sizeof(*sctl));
|
||||
if (!chunk_dup(sctl, src)) {
|
||||
free(sctl);
|
||||
sctl = NULL;
|
||||
goto end;
|
||||
}
|
||||
ret = 0;
|
||||
/* TODO: free the previous SCTL in the ckch */
|
||||
ckch->sctl = sctl;
|
||||
|
||||
end:
|
||||
if (fd != -1)
|
||||
@ -3035,7 +3048,7 @@ static int ssl_sock_load_crt_file_into_ckch(const char *path, BIO *buf, struct c
|
||||
|
||||
snprintf(fp, MAXPATHLEN+1, "%s.sctl", path);
|
||||
if (stat(fp, &st) == 0) {
|
||||
if (ssl_sock_load_sctl_from_file(fp, &ckch->sctl)) {
|
||||
if (ssl_sock_load_sctl_from_file(fp, NULL, ckch, err)) {
|
||||
memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
|
||||
*err ? *err : "", fp);
|
||||
ret = 1;
|
||||
|
Loading…
Reference in New Issue
Block a user