in 32af203b75 ("REORG: cli: move ssl CLI functions to ssl_sock.c")
"set ssl tls-key" was accidentally replaced with "set ssl tls-keys"
(keys instead of key). This is undocumented and breaks upgrades from
1.6 to 1.7.
This patch restores "set ssl tls-key" and also registers a helptext.
This should be backported to 1.7.
---
src/ssl_sock.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 7b8570c..79fddc8 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -7905,6 +7905,7 @@ static int cli_parse_set_ocspresponse(char **args, struct
appctx *appctx, void *
static struct cli_kw_list cli_kws = {{ },{
#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
{ { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys
references or dump tls ticket keys when id specified", cli_parse_show_tlskeys,
NULL },
+ { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile]
<tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>",
cli_parse_set_tlskeys, NULL },
{ { "set", "ssl", "tls-keys", NULL }, NULL, cli_parse_set_tlskeys, NULL
},
#endif
{ { "set", "ssl", "ocsp-response", NULL }, NULL,
cli_parse_set_ocspresponse, NULL },
--
2.7.4
