RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-10 07:49:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: ssl: Added multi cert support for crt-list config keyword

Browse Source 
Added support for loading mutiple certs into shared contexts when they
are specified in a crt-list

Note that it's not practical to support SNI filters with multicerts, so
any SNI filters that's provided to the crt-list is ignored if a
multi-cert opertion is used.
This commit is contained in:
yanbzhu 2015-12-02 13:54:14 -05:00 committed by Willy Tarreau
parent 08ce6ab0c9
commit 1b04e5b0e0
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/ssl_sock.c
View File

@ -2283,6 +2283,7 @@ int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct
{
char thisline[LINESIZE];
FILE *f;
struct stat buf;
int linenum = 0;
int cfgerr = 0;
@ -2341,7 +2342,12 @@ int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct
if (!arg)
continue;
cfgerr = ssl_sock_load_cert_file(args[0], bind_conf, curproxy, &args[1], arg-1, err);
if (stat(args[0], &buf) == 0) {
cfgerr = ssl_sock_load_cert_file(args[0], bind_conf, curproxy, &args[1], arg-1, err);
} else {
cfgerr = ssl_sock_load_multi_cert(args[0], bind_conf, curproxy, NULL, err);
}
if (cfgerr) {
memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
break;