MEDIUM: ssl: ignored file names ending as '.issuer' or '.ocsp'.
We don't want to load these files found in directories specified in "crt" or "crt-list". These suffixes are reserved for OCSP stapling.
This commit is contained in:
parent
26202760a4
commit
2aab722dc1
|
@ -868,6 +868,10 @@ int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, struct proxy *cu
|
||||||
*end = 0;
|
*end = 0;
|
||||||
|
|
||||||
while ((de = readdir(dir))) {
|
while ((de = readdir(dir))) {
|
||||||
|
end = strrchr(de->d_name, '.');
|
||||||
|
if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp")))
|
||||||
|
continue;
|
||||||
|
|
||||||
snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
|
snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
|
||||||
if (stat(fp, &buf) != 0) {
|
if (stat(fp, &buf) != 0) {
|
||||||
memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
|
memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
|
||||||
|
|
Loading…
Reference in New Issue