RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-09 07:09:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: cli/ssl: handle trailing slashes in crt-list commands

Browse Source 
Trailing slashes were not handled in crt-list commands on CLI which can
be useful when you use the commands with a directory.

Strip the slashes before looking for the crtlist in the tree.
This commit is contained in:
William Lallemand 2020-06-25 15:19:51 +02:00 committed by William Lallemand
parent c54e5ad9cc
commit 99cc21851f
2 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
reg-tests/ssl/add_ssl_crt-list.vtc
View File

@ -70,11 +70,11 @@ shell {
echo "new ssl cert ${testdir}/ecdsa.pem" | socat "${tmpdir}/h1/stats" -
printf "set ssl cert ${testdir}/ecdsa.pem <<\n$(cat ${testdir}/ecdsa.pem)\n\n" | socat "${tmpdir}/h1/stats" -
echo "commit ssl cert ${testdir}/ecdsa.pem" | socat "${tmpdir}/h1/stats" -
printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem [ssl-min-ver SSLv3 verify none allow-0rtt] localhost !www.test1.com\n\n" | socat "${tmpdir}/h1/stats" -
printf "add ssl crt-list ${testdir}/localhost.crt-list/ <<\n${testdir}/ecdsa.pem [ssl-min-ver SSLv3 verify none allow-0rtt] localhost !www.test1.com\n\n" | socat "${tmpdir}/h1/stats" -
printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem [verify none allow-0rtt]\n\n" | socat "${tmpdir}/h1/stats" -
printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem localhost !www.test1.com\n\n" | socat "${tmpdir}/h1/stats" -
printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem\n\n" | socat "${tmpdir}/h1/stats" -
printf "add ssl crt-list ${testdir}/localhost.crt-list ${testdir}/ecdsa.pem\n" | socat "${tmpdir}/h1/stats" -
printf "add ssl crt-list ${testdir}/localhost.crt-list/// <<\n${testdir}/ecdsa.pem localhost !www.test1.com\n\n" | socat "${tmpdir}/h1/stats" -
printf "add ssl crt-list ${testdir}/localhost.crt-list///// <<\n${testdir}/ecdsa.pem\n\n" | socat "${tmpdir}/h1/stats" -
printf "add ssl crt-list ${testdir}/localhost.crt-list// ${testdir}/ecdsa.pem\n" | socat "${tmpdir}/h1/stats" -
}
haproxy h1 -cli {
@ -83,7 +83,7 @@ haproxy h1 -cli {
}
haproxy h1 -cli {
send "show ssl crt-list ${testdir}/localhost.crt-list"
send "show ssl crt-list ${testdir}/localhost.crt-list//"
# check the options and the filters in any order
expect ~ ".*${testdir}/ecdsa.pem \\[(?=.*verify none)(?=.*allow-0rtt)(?=.*ssl-min-ver SSLv3).*\\](?=.*!www.test1.com)(?=.*localhost).*"
}

18
src/ssl_crtlist.c
View File

@ -824,6 +824,7 @@ static int cli_parse_dump_crtlist(char **args, char *payload, struct appctx *app
struct ebmb_node *lnode;
char *filename = NULL;
int mode;
char *end;
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
@ -843,6 +844,12 @@ static int cli_parse_dump_crtlist(char **args, char *payload, struct appctx *app
return cli_err(appctx, "'show ssl crt-list -n' expects a filename or a directory\n");
if (filename && *filename) {
/* strip trailing slashes, including first one */
for (end = filename + strlen(filename) - 1; end >= filename && *end == '/'; end--)
*end = 0;
lnode = ebst_lookup(&crtlists_tree, filename);
if (lnode == NULL)
return cli_err(appctx, "didn't find the specified filename\n");
@ -1017,6 +1024,7 @@ static int cli_parse_add_crtlist(char **args, char *payload, struct appctx *appc
struct ebpt_node *inserted;
struct crtlist *crtlist;
struct crtlist_entry *entry = NULL;
char *end;
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
@ -1026,6 +1034,10 @@ static int cli_parse_add_crtlist(char **args, char *payload, struct appctx *appc
crtlist_path = args[3];
/* strip trailing slashes, including first one */
for (end = crtlist_path + strlen(crtlist_path) - 1; end >= crtlist_path && *end == '/'; end--)
*end = 0;
if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
return cli_err(appctx, "Operations on certificates are currently locked!\n");
@ -1151,6 +1163,7 @@ static int cli_parse_del_crtlist(char **args, char *payload, struct appctx *appc
struct ckch_inst *inst, *inst_s;
int linenum = 0;
char *colons;
char *end;
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
@ -1175,6 +1188,11 @@ static int cli_parse_del_crtlist(char **args, char *payload, struct appctx *appc
}
*colons = '\0';
}
/* strip trailing slashes, including first one */
for (end = crtlist_path + strlen(crtlist_path) - 1; end >= crtlist_path && *end == '/'; end--)
*end = 0;
/* look for crtlist */
ebmb = ebst_lookup(&crtlists_tree, crtlist_path);
if (!ebmb) {