Skip to content

Commit

Permalink
BUG/MINOR: hlua: Wrong OCSP CID after modifying an SSL certficate (LUA)
Browse files Browse the repository at this point in the history 
This bugfix is the same as the following one:
    "BUG/MINOR: ssl_ckch: Wrong OCSP CID after modifying an SSL certficate"
where the OCSP CID had to be reset when updating a certificate.

Must be backported to 2.8.
  • Loading branch information
@haproxyFred
haproxyFred committed Dec 6, 2023
1 parent 29583ba commit 6975cac
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions src/hlua.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12920,6 +12920,14 @@ __LJMP static int hlua_ckch_set(lua_State *L)
lua_pop(L, 1);
}

/* Reset the OCSP CID */
if (cert_ext &&
(cert_ext->type == CERT_TYPE_PEM || cert_ext->type == CERT_TYPE_KEY ||
cert_ext->type == CERT_TYPE_ISSUER)) {
OCSP_CERTID_free(new_ckchs->data->ocsp_cid);
new_ckchs->data->ocsp_cid = NULL;
}

/* store the pointers on the lua stack */
lua_ckchs = lua_newuserdata(L, sizeof(struct ckch_store *) * 2);
lua_ckchs[0] = old_ckchs;
Expand Down

1 comment on commit 6975cac

@wlallemand
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

must be before the cert_ext->load()

Please sign in to comment.