Since commit 3180f7b55434 ("MINOR: ssl: load certificates in
alphabetical order"), `readdir` was replaced by `scandir`. I first
wanted to simply move the `closedir` earlier as we no longer use it
after, but then I thought we could simply rely on `scandir` return
value; in case of error, it could be:
- not a directory, in that case we try to load it as file, as before
- any other error, in which case `ckchs_load_cert_file` will fail as
well

Signed-off-by: William Dauchy <w.dau...@criteo.com>
---
 src/ssl_sock.c | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e4dd913a..3e8d57c2 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4249,7 +4249,6 @@ int ssl_sock_load_cert(char *path, struct bind_conf 
*bind_conf, char **err)
 {
        struct dirent **de_list;
        int i, n;
-       DIR *dir;
        struct stat buf;
        char *end;
        char fp[MAXPATHLEN+1];
@@ -4265,26 +4264,20 @@ int ssl_sock_load_cert(char *path, struct bind_conf 
*bind_conf, char **err)
        }
 
        if (stat(path, &buf) == 0) {
-               dir = opendir(path);
-               if (!dir) {
-                       ckchs =  ckchs_load_cert_file(path, 0,  err);
-                       if (!ckchs)
-                               return ERR_ALERT | ERR_FATAL;
-
-                       return ssl_sock_load_ckchs(path, ckchs, bind_conf, 
NULL, NULL, 0, err);
-               }
-
                /* strip trailing slashes, including first one */
                for (end = path + strlen(path) - 1; end >= path && *end == '/'; 
end--)
                        *end = 0;
 
                n = scandir(path, &de_list, 0, alphasort);
                if (n < 0) {
-                       memprintf(err, "%sunable to scan directory '%s' : 
%s.\n",
-                                 err && *err ? *err : "", path, 
strerror(errno));
-                       cfgerr |= ERR_ALERT | ERR_FATAL;
-               }
-               else {
+                       memprintf(err, "%sunable to scan directory '%s': %s; "
+                                       "trying to load as file.\n",
+                                       err && *err ? *err : "", path, 
strerror(errno));
+                       ckchs = ckchs_load_cert_file(path, 0,  err);
+                       if (!ckchs)
+                               return ERR_ALERT | ERR_FATAL;
+                       return ssl_sock_load_ckchs(path, ckchs, bind_conf, 
NULL, NULL, 0, err);
+               } else {
                        for (i = 0; i < n; i++) {
                                struct dirent *de = de_list[i];
 
@@ -4355,7 +4348,6 @@ ignore_entry:
                        }
                        free(de_list);
                }
-               closedir(dir);
                return cfgerr;
        }
 
-- 
2.24.1


Reply via email to