BUG/MINOR: ssl: ssl_sock_prepare_ssl_ctx does not return an error code

rlebreton · wlallemand · commit 43899ec83dea · 2021-04-26T15:57:26.000+02:00
The return value check was wrongly based on error codes when the function actually returns an error number. This bug was introduced by f3eedfe which is a feature not present before branch 2.4. It does not need to be backported.
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
@@ -1259,6 +1259,7 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
 	int y = 0;
 	char *err = NULL;
 	int errcode = 0;
+	int retval = 0;
 	struct ckch_store *old_ckchs, *new_ckchs = NULL;
 	struct ckch_inst *ckchi, *ckchis;
 	struct buffer *trash = alloc_trash_chunk();
@@ -1337,8 +1338,8 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
 					new_inst->server = ckchi->server;
 					/* Create a new SSL_CTX and link it to the new instance. */
 					if (new_inst->is_server_instance) {
-						errcode |= ssl_sock_prepare_srv_ssl_ctx(ckchi->server, new_inst->ctx);
-						if (errcode & ERR_CODE)
+						retval = ssl_sock_prepare_srv_ssl_ctx(ckchi->server, new_inst->ctx);
+						if (retval)
 							goto error;
 					}
 
