From 26fa4aaf4c33a2a48b0ca590fc8cc4afd862307c Mon Sep 17 00:00:00 2001
From: yanbzhu <yanbzhu@cisco.com>
Date: Mon, 7 Dec 2015 13:43:42 -0500
Subject: [PATCH 5/6] MINOR: ssl: Clean up unused code, fixed spelling error

Removed unused code, added better error messaging and corrected spelling
of function name.
---
 src/ssl_sock.c | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 58b4f81..942043f 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1765,19 +1765,11 @@ static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_an
 		return 1;
 	}
 
-	/* This only happens for OpenSSL Versions < 1.0.2
-	 * Otherwise ctx->extra_certs will always be NULL
-	 */
-	if (ctx->extra_certs != NULL) {
-		sk_X509_pop_free(ctx->extra_certs, X509_free);
-		ctx->extra_certs = NULL;
-	}
-
 	/* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
 	for (i = 0; i < ckch->num_chain_certs; i++) {
 		if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
-			memprintf(err, "%sunable to load chain certificate into SSL Context '%s'.\n",
-					err && *err ? *err : "", path);
+			memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
+					err && *err ? *err : "",(i+1), path);
 			return 1;
 		}
 	}
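Review bot: The new message on the `SSL_CTX_add1_chain_cert()` failure path hard-codes one guessed cause (an OpenSSL older than 1.0.2), but the call can presumably fail for other reasons, so an operator debugging an incomplete chain may be sent in the wrong direction. I would report what the library itself says and keep the version hint as a possibility, e.g. `"%sunable to load chain certificate #%d into SSL Context '%s' (OpenSSL error 0x%lx); a run-time OpenSSL older than 1.0.2 is one possible cause.\n"` with `ERR_get_error()` passed as the extra argument. Taking the error off the queue there also keeps a stale entry from being picked up by a later call. Two small style points on the same lines: the project name is spelled `OpenSSL`, and `"",(i+1), path` is missing a space after the comma. `%d` assumes `i` is an `int`; its declaration and the rest of `ssl_sock_put_ckch_into_ctx` lie outside the hunk.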
@@ -1836,7 +1828,7 @@ static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root
  *     0 on success
  *     1 on failure
  */
-static int ssl_sock_load_muti_cert(const char *path, struct bind_conf *bind_conf, struct proxy *curproxy, char **sni_filter, char **err)
+static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct proxy *curproxy, char **sni_filter, char **err)
 {
 	char fp[MAXPATHLEN+1] = {0};
 	int n = 0;
@@ -2010,7 +2002,7 @@ end:
 }
 #else
 /* This is a dummy, that just logs an error and returns error */
-static int ssl_sock_load_muti_cert(const char *path, struct bind_conf *bind_conf, struct proxy *curproxy, char **sni_filter, char **err)
+static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct proxy *curproxy, char **sni_filter, char **err)
 {
 	memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
 	          err && *err ? *err : "", path, strerror(errno));
@@ -2251,7 +2243,7 @@ ignore_entry:
 		return cfgerr;
 	}
 
-	cfgerr = ssl_sock_load_muti_cert(path, bind_conf, curproxy, NULL, err);
+	cfgerr = ssl_sock_load_multi_cert(path, bind_conf, curproxy, NULL, err);
 
 	return cfgerr;
 }
@@ -2338,7 +2330,7 @@ int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct
 		if (stat(args[0], &buf) == 0) {
 			cfgerr = ssl_sock_load_cert_file(args[0], bind_conf, curproxy, &args[1], arg-1, err);
 		} else {
-			cfgerr = ssl_sock_load_muti_cert(args[0], bind_conf, curproxy, NULL, err);
+			cfgerr = ssl_sock_load_multi_cert(args[0], bind_conf, curproxy, NULL, err);
 		}
 
 		if (cfgerr) {
-- 
2.5.3

