From d308c9a9f609c219f0146f94d6a075b44c11d175 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 10 Apr 2024 19:05:15 +0200
Subject: [PATCH] MINOR: ssl/crtlist: alloc ssl_conf only when a valid keyword
 is found

crt-list will be enhanced with ckch_conf keywords, however these keywords
does not fill the 'ssl_conf' structure. So we don't need to allocate the
ssl_conf for every options between [ ] but only when we found a relevant
one.
---
 src/ssl_crtlist.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index ff7f27985..3b1f53295 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -438,12 +438,6 @@ int crtlist_parse_line(char *line, char **crt_path, struct crtlist_entry *entry,
 			cfgerr |= ERR_WARN;
 		}
 
-		ssl_conf = calloc(1, sizeof *ssl_conf);
-		if (!ssl_conf) {
-			memprintf(err, "not enough memory!");
-			cfgerr |= ERR_ALERT | ERR_FATAL;
-			goto error;
-		}
 	}
 
 	cur_arg = ssl_b ? ssl_b : 1;
@@ -451,6 +445,14 @@ int crtlist_parse_line(char *line, char **crt_path, struct crtlist_entry *entry,
 		newarg = 0;
 		for (i = 0; ssl_crtlist_kws[i].kw != NULL; i++) {
 			if (strcmp(ssl_crtlist_kws[i].kw, args[cur_arg]) == 0) {
+				if (!ssl_conf)
+					ssl_conf = calloc(1, sizeof *ssl_conf);
+				if (!ssl_conf) {
+					memprintf(err, "not enough memory!");
+					cfgerr |= ERR_ALERT | ERR_FATAL;
+					goto error;
+				}
+
 				newarg = 1;
 				cfgerr |= ssl_crtlist_kws[i].parse(args, cur_arg, NULL, ssl_conf, from_cli, err);
 				if (cur_arg + 1 + ssl_crtlist_kws[i].skip > ssl_e) {
-- 
2.47.3