MINOR: ssl: pass ckch_store instead of ckch_data to ssl_sock_load_ocsp()

ssl_sock_put_ckch_into_ctx() and ssl_sock_load_ocsp() need to take a
ckch_store as argument. Indeed the ocsp_update_mode is no longer stored
in ckch_data, but in ckch_conf, which is part of the ckch_store.

This is a minor change, but the function definition had to change.
William Lallemand 2024-04-30 21:31:05 +02:00
parent db09c2168f
commit 2b8880e395


@ -1106,8 +1106,9 @@ static int tlskeys_finalize_config(void)
* Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
* successfully enabled, or -1 in other error case.
*/
static int ssl_sock_load_ocsp(const char *path, SSL_CTX *ctx, struct ckch_data *data, STACK_OF(X509) *chain)
static int ssl_sock_load_ocsp(const char *path, SSL_CTX *ctx, struct ckch_store *store, STACK_OF(X509) *chain)
{
struct ckch_data *data = store->data;
X509 *x, *issuer;
int i, ret = -1;
struct certificate_ocsp *ocsp = NULL, *iocsp;
@ -3313,9 +3314,10 @@ end:
* The value 0 means there is no error nor warning and
* the operation succeed.
*/
static int ssl_sock_put_ckch_into_ctx(const char *path, struct ckch_data *data, SSL_CTX *ctx, char **err)
static int ssl_sock_put_ckch_into_ctx(const char *path, struct ckch_store *store, SSL_CTX *ctx, char **err)
{
int errcode = 0;
struct ckch_data *data = store->data;
STACK_OF(X509) *find_chain = NULL;
ERR_clear_error();
@ -3367,7 +3369,7 @@ static int ssl_sock_put_ckch_into_ctx(const char *path, struct ckch_data *data,
* ocsp tree even if no ocsp_response was known during init, unless the
* frontend's conf disables ocsp update explicitly.
*/
if (ssl_sock_load_ocsp(path, ctx, data, find_chain) < 0) {
if (ssl_sock_load_ocsp(path, ctx, store, find_chain) < 0) {
if (data->ocsp_response)
memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
err && *err ? *err : "", path);
@ -3466,7 +3468,7 @@ int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs, struct
if (global_ssl.security_level > -1)
SSL_CTX_set_security_level(ctx, global_ssl.security_level);
errcode |= ssl_sock_put_ckch_into_ctx(path, data, ctx, err);
errcode |= ssl_sock_put_ckch_into_ctx(path, ckchs, ctx, err);
if (errcode & ERR_CODE)
goto error;
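Review bot: In `ssl_sock_load_ocsp()` and `ssl_sock_put_ckch_into_ctx()` the added statement `struct ckch_data *data = store->data;` dereferences `store` unconditionally at function entry, and the visible tail of each header comment does not state that `store` and `store->data` must be non-NULL. Both functions are on the certificate and OCSP loading path, where a NULL store would most likely crash the process instead of producing the -1 / `ERR_CODE` result the comments describe. I would document the precondition in each header comment, e.g. `/* <store> must be non-NULL and <store>->data must hold the loaded certificate data. */`, or add an explicit guard if any caller can hand in a store without data. Whether such a caller exists cannot be told from these hunks: the only call site shown, in `ckch_inst_new_load_store()`, passes `ckchs`, and both function bodies continue outside the hunks.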