BUG/MEDIUM: ssl: fix error path on generate-certificates

It was reported by Przemyslaw Bromber that using the "generate-certificates"
option combined with AWS-LC would crash HAProxy when a request is done with a
SNI longer than 64 bytes.

The problem is that the certificate is generated with a CN greater than 64
bytes which results in ssl_sock_do_create_cert() returning NULL. This
NULL value being passed to SSL_set_SSL_CTX.

With OpenSSL, passing a NULL SSL_CTX does not seem to be an issue as it
would just ignore it.

With AWS_LC, passing a NULL seems to crash the function. This was
reported to upstream AWS-LC and fixed in patch 7487ad1dcd8
https://github.com/aws/aws-lc/pull/2946.

This must be backported in every branches.

src/ssl_gencert.c

@@ -352,6 +352,8 @@ int ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind
 			ssl_ctx = (SSL_CTX *)lru->data;
 		if (!ssl_ctx && lru) {
 			ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
+			if (!ssl_ctx)
+				goto error;
 			lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
 		}
 		SSL_set_SSL_CTX(ssl, ssl_ctx);
@@ -360,11 +362,14 @@ int ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind
 	}
 	else {
 		ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
+		if (!ssl_ctx)
+			goto error;
 		SSL_set_SSL_CTX(ssl, ssl_ctx);
 		/* No LRU cache, this CTX will be released as soon as the session dies */
 		SSL_CTX_free(ssl_ctx);
 		return 1;
 	}
+error:
 	return 0;
 }
 int ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)