From 36ccc3922d62ebc62c2d15c0cbe5d896b9769b9c Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 8 Apr 2020 10:57:24 +0200
Subject: [PATCH] MINOR: ssl/cli: improve error for bundle in add/del ssl
 crt-list

Bundles are deprecated and can't be used with the crt-list command of
the CLI, improve the error output when trying to use them so the users
can disable them.
---
 src/ssl_sock.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e9166053ff..f359e720ef 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -11455,6 +11455,10 @@ static int cli_parse_add_crtlist(char **args, char *payload, struct appctx *appc
 		memprintf(&err, "certificate '%s' does not exist!", cert_path);
 		goto error;
 	}
+	if (store->multi) {
+		memprintf(&err, "certificate '%s' is a bundle. You can disable the bundle merging with the directive 'ssl-load-extra-files' in the global section.", cert_path);
+		goto error;
+	}
 	if (store->ckch == NULL || store->ckch->cert == NULL) {
 		memprintf(&err, "certificate '%s' is empty!", cert_path);
 		goto error;
@@ -11543,6 +11547,10 @@ static int cli_parse_del_crtlist(char **args, char *payload, struct appctx *appc
 		memprintf(&err, "certificate '%s' does not exist!", cert_path);
 		goto error;
 	}
+	if (store->multi) {
+		memprintf(&err, "certificate '%s' is a bundle. You can disable the bundle merging with the directive 'ssl-load-extra-files' in the global section.", cert_path);
+		goto error;
+	}
 	if (store->ckch == NULL || store->ckch->cert == NULL) {
 		memprintf(&err, "certificate '%s' is empty!", cert_path);
 		goto error;