From 43899ec83dea8e10c21e6a907eb76391c463cc2f Mon Sep 17 00:00:00 2001 From: Remi Tricot-Le Breton Date: Wed, 21 Apr 2021 15:32:46 +0200 Subject: [PATCH] BUG/MINOR: ssl: ssl_sock_prepare_ssl_ctx does not return an error code The return value check was wrongly based on error codes when the function actually returns an error number. This bug was introduced by f3eedfe19592ebcbaa5b97d8c68aa162e7f6f8fa which is a feature not present before branch 2.4. It does not need to be backported. --- src/ssl_ckch.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c index 7504c55b8..c41c1789c 100644 --- a/src/ssl_ckch.c +++ b/src/ssl_ckch.c @@ -1259,6 +1259,7 @@ static int cli_io_handler_commit_cert(struct appctx *appctx) int y = 0; char *err = NULL; int errcode = 0; + int retval = 0; struct ckch_store *old_ckchs, *new_ckchs = NULL; struct ckch_inst *ckchi, *ckchis; struct buffer *trash = alloc_trash_chunk(); @@ -1337,8 +1338,8 @@ static int cli_io_handler_commit_cert(struct appctx *appctx) new_inst->server = ckchi->server; /* Create a new SSL_CTX and link it to the new instance. */ if (new_inst->is_server_instance) { - errcode |= ssl_sock_prepare_srv_ssl_ctx(ckchi->server, new_inst->ctx); - if (errcode & ERR_CODE) + retval = ssl_sock_prepare_srv_ssl_ctx(ckchi->server, new_inst->ctx); + if (retval) goto error; }