sinjuginas/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BUG/MINOR: ssl: bind_conf is uncorrectly accessed when using QUIC

Browse Source 
Since commit 9b2598 ("BUG/MEDIUM: ssl: Verify error codes can exceed
63"), the ca_ignerr_bitfield and crt_ignerr_bietfield are incorrecly
accessed from __objt_listener(conn->target)->bind_conf which is not
avaiable from QUIC. The bind_conf variable was mistakenly replaced.

This patch fixes the issue by using again the bind_conf variable.

Must be backported where 9b2598 was backported.
This commit is contained in:
William Lallemand 2022-11-10 16:45:24 +01:00
parent 30fc6da148
commit 4639689d89
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/ssl_sock.c
View File

@ -1778,7 +1778,7 @@ int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
}
if (err <= SSL_MAX_VFY_ERROR_CODE &&
cert_ignerr_bitfield_get(__objt_listener(conn->target)->bind_conf->ca_ignerr_bitfield, err))
cert_ignerr_bitfield_get(bind_conf->ca_ignerr_bitfield, err))
goto err_ignored;
/* TODO: for QUIC connection, this error code is lost */
@ -1792,7 +1792,7 @@ int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
/* check if certificate error needs to be ignored */
if (err <= SSL_MAX_VFY_ERROR_CODE &&
cert_ignerr_bitfield_get(__objt_listener(conn->target)->bind_conf->crt_ignerr_bitfield, err))
cert_ignerr_bitfield_get(bind_conf->crt_ignerr_bitfield, err))
goto err_ignored;
/* TODO: for QUIC connection, this error code is lost */