konevsa/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MINOR: ssl: Add helper function to add cafile entries

Browse Source 
Adds a way to insert a new uncommitted cafile_entry in the tree. This
entry will be the one fetched by any lookup in the tree unless the
oldest cafile_entry is explicitely looked for. This way, until a "commit
ssl ca-file" command is completed, there could be two cafile_entries
with the same path in the tree, the original one and the newly updated
one.
This commit is contained in:
Remi Tricot-Le Breton 2021-02-23 16:28:43 +01:00 committed by William Lallemand
parent 383fb1472e
commit 38c999b11c
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/haproxy/ssl_ckch.h
View File

@ -59,6 +59,7 @@ void ckch_inst_add_cafile_link(struct ckch_inst *ckch_inst, struct bind_conf *bi
/* ssl_store functions */
struct cafile_entry *ssl_store_get_cafile_entry(char *path, int oldest_entry);
X509_STORE* ssl_store_get0_locations_file(char *path);
int ssl_store_add_uncommitted_cafile_entry(struct cafile_entry *entry);
struct cafile_entry *ssl_store_create_cafile_entry(char *path, X509_STORE *store);
void ssl_store_delete_cafile_entry(struct cafile_entry *ca_e);
int ssl_store_load_ca_from_buf(struct cafile_entry *ca_e, char *cert_buf);

5
src/ssl_ckch.c
View File

@ -961,6 +961,11 @@ struct cafile_entry *ssl_store_get_cafile_entry(char *path, int oldest_entry)
return ca_e;
}
int ssl_store_add_uncommitted_cafile_entry(struct cafile_entry *entry)
{
return (ebst_insert(&cafile_tree, &entry->node) != &entry->node);
}
X509_STORE* ssl_store_get0_locations_file(char *path)
{
struct cafile_entry *ca_e = ssl_store_get_cafile_entry(path, 0);