]> git.kaiwu.me - haproxy.git/commitdiff
BUG/MINOR: ssl: don't print NULL errmsg in ssl_sock_prepare_all_ctx() 20260702-fips
authorWilliam Lallemand <wlallemand@haproxy.com>
Thu, 2 Jul 2026 15:00:57 +0000 (15:00 +0000)
committerWilliam Lallemand <wlallemand@haproxy.com>
Thu, 2 Jul 2026 15:51:59 +0000 (15:51 +0000)
When ssl_sock_prepare_all_ctx() encounters a non-zero errcode but errmsg
was never populated (because the underlying check already reported the
error directly via ha_alert()), the final ha_alert("%s", errmsg) call
emits a spurious "(null)" alert to the log.

Guard the ha_warning/ha_alert calls with a NULL check on errmsg.

This should be backported to all maintained branches.

src/ssl_sock.c

index 275272a2b6e77dd895a7ae8bad3689d90d6a07ac..1e34ce969359d72acf4a0d8a61d5f8124cce7e5d 100644 (file)
@@ -5444,9 +5444,11 @@ int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
        }
 
        if (errcode & ERR_WARN) {
-               ha_warning("%s", errmsg);
+               if (errmsg)
+                       ha_warning("%s", errmsg);
        } else if (errcode & ERR_CODE) {
-               ha_alert("%s", errmsg);
+               if (errmsg)
+                       ha_alert("%s", errmsg);
                err++;
        }