mirror/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git synced 2026-02-05 21:03:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: ssl: handle X509_get_default_cert_dir() returning NULL

Browse Source 
ssl_store_load_locations_file() is using X509_get_default_cert_dir()
when using '@system-ca' as a parameter.

This function could return a NULL if OpenSSL was built with a
X509_CERT_DIR set to NULL, this is uncommon but let's fix this.

No backport needed, 2.6 only.

Fix issue #1637.
This commit is contained in:
William Lallemand
2022-04-05 10:19:30 +02:00
parent 0dbf03871f
commit 80296b4bd5
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/ssl_ckch.c
View File

@@ -1124,7 +1124,7 @@ int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_ty
if (!X509_STORE_load_locations(store, file, NULL)) {
goto err;
}
} else {
} else if (dir) {
int n, i;
struct dirent **de_list;
@@ -1178,6 +1178,9 @@ scandir_err:
}
free(de_list);
} else {
ha_alert("ca-file: couldn't load '%s'\n", path);
goto err;
}
objs = X509_STORE_get0_objects(store);