MEDIUM: ssl: ignored file names ending as '.issuer' or '.ocsp'.

We don't want to load these files found in directories specified in "crt" or
"crt-list".

These suffixes are reserved for OCSP stapling.
Emeric Brun 2014-06-18 18:15:09 +02:00 committed by Willy Tarreau
parent 26202760a4
commit 2aab722dc1
1 changed files with 4 additions and 0 deletions


@ -868,6 +868,10 @@ int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, struct proxy *cu
*end = 0; *end = 0;
while ((de = readdir(dir))) { while ((de = readdir(dir))) {
end = strrchr(de->d_name, '.');
if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp")))
continue;
snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name); snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
if (stat(fp, &buf) != 0) { if (stat(fp, &buf) != 0) {
memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n", memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",