RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-04-16 20:15:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: ssl/cli: 'show ssl crl-file' escape the first '*' of a filename

Browse Source 
When doing a 'show ssl crl-file <filename>', prefixing a filename with a '*'
allows to show the uncommited transaction asociated to this filename.

However for people using '*' as the first character of their
filename, there is no way to access this filename.

This patch fixes the problem by allowing to escape the first
character with \.

This should be backported in every stable branches.
This commit is contained in:
William Lallemand 2024-12-16 16:46:52 +01:00
parent 2ba4cf541b
commit 82c83a11a1
2 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/management.txt
View File

@ -3617,7 +3617,7 @@ show ssl cert [[*][\]<filename>]
Status: Used
[...]
show ssl crl-file [<crlfile>[:<index>]]
show ssl crl-file [[*][\]<crlfile>[:<index>]]
Display the list of CRL files loaded into the process. They are not used
by any frontend or backend until their status is "Used".
If a filename is prefixed by an asterisk, it is a transaction which is not
@ -3630,7 +3630,8 @@ show ssl crl-file [<crlfile>[:<index>]]
If the index is invalid (too big for instance), nothing will be displayed.
This command can be useful to check if a CRL file was properly updated.
You can also display the details of an ongoing transaction by prefixing the
filename by an asterisk.
filename by a '*'. If the first character of the filename is a '*', it can be
escaped with '\*'.
Example :

14
src/ssl_ckch.c
View File

@ -4191,7 +4191,7 @@ end:
return 0;
}
/* IO handler of details "show ssl crl-file <filename[:index]>".
/* IO handler of details "show ssl crl-file [*][\]<filename[:index]>".
* It uses show_crlfile_ctx and the global
* crlfile_transaction.new_cafile_entry in read-only.
*/
@ -4293,18 +4293,26 @@ static int cli_parse_show_crlfile(char **args, char *payload, struct appctx *app
}
if (*args[3] == '*') {
char *filename = args[3]+1;
if (filename[0] == '\\')
filename++;
if (!crlfile_transaction.new_crlfile_entry)
goto error;
cafile_entry = crlfile_transaction.new_crlfile_entry;
if (strcmp(args[3] + 1, cafile_entry->path) != 0)
if (strcmp(filename, cafile_entry->path) != 0)
goto error;
} else {
char *filename = args[3];
if (filename[0] == '\\')
filename++;
/* Get the "original" cafile_entry and not the
* uncommitted one if it exists. */
if ((cafile_entry = ssl_store_get_cafile_entry(args[3], 1)) == NULL || cafile_entry->type != CAFILE_CRL)
if ((cafile_entry = ssl_store_get_cafile_entry(filename, 1)) == NULL || cafile_entry->type != CAFILE_CRL)
goto error;
}