RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2024-12-14 07:24:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: ssl: handle X509_get_default_cert_dir() returning NULL

Browse Source 
ssl_store_load_locations_file() is using X509_get_default_cert_dir()
when using '@system-ca' as a parameter.

This function could return a NULL if OpenSSL was built with a
X509_CERT_DIR set to NULL, this is uncommon but let's fix this.

No backport needed, 2.6 only.

Fix issue #1637.
This commit is contained in:
William Lallemand 2022-04-05 10:19:30 +02:00
parent 0dbf03871f
commit 80296b4bd5
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/ssl_ckch.c
View File

@ -1124,7 +1124,7 @@ int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_ty
if (!X509_STORE_load_locations(store, file, NULL)) { if (!X509_STORE_load_locations(store, file, NULL)) {
goto err; goto err;
} }
} else { } else if (dir) {
int n, i; int n, i;
struct dirent **de_list; struct dirent **de_list;
@ -1178,6 +1178,9 @@ scandir_err:
} }
free(de_list); free(de_list);
} else {
ha_alert("ca-file: couldn't load '%s'\n", path);
goto err;
} }
objs = X509_STORE_get0_objects(store); objs = X509_STORE_get0_objects(store);