You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@trafficserver.apache.org by rwbarber2 <gi...@git.apache.org> on 2014/01/20 18:43:50 UTC
trafficserver pull request: TS-612 ATS does not allow password protected ce...
GitHub user rwbarber2 opened a pull request:
https://github.com/apache/trafficserver/pull/34
TS-612 ATS does not allow password protected certificates
First attempt at using git to create a pull request..please forgive ignorance if I did it wrong..
Added ink_process.cc with ink_popen() & ink_pclose() functions (which use posix_spawn) to execute the pass phrase dialog program.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/rwbarber2/trafficserver master
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafficserver/pull/34.patch
----
commit 08a676e4253975c56620b738dbd61ccadc718ca7
Author: Ron Barber <rb...@yahoo-inc.com>
Date: 2014-01-20T17:30:20Z
TS-612 ATS does not allow password protected certificates
----
Re: trafficserver pull request: TS-612 ATS does not allow password protected ce...
Posted by Igor Galić <i....@brainsware.org>.
ACK
Ron Barber <rb...@yahoo-inc.com> wrote:
>
>
>On 1/21/14, 10:57 AM, "Igor Galić" <i....@brainsware.org> wrote:
>
>>
>>
>>----- Original Message -----
>>> GitHub user rwbarber2 opened a pull request:
>>>
>>> https://github.com/apache/trafficserver/pull/34
>>>
>>> TS-612 ATS does not allow password protected certificates
>>>
>>> First attempt at using git to create a pull request..please
>forgive
>>> ignorance if I did it wrong..
>>>
>>> Added ink_process.cc with ink_popen() & ink_pclose() functions
>>>(which use
>>> posix_spawn) to execute the pass phrase dialog program.
>>>
>>>
>>> You can merge this pull request into a Git repository by running:
>>>
>>> $ git pull https://github.com/rwbarber2/trafficserver master
>>>
>>> Alternatively you can review and apply these changes as the patch
>at:
>>>
>>> https://github.com/apache/trafficserver/pull/34.patch
>>>
>>> ----
>>> commit 08a676e4253975c56620b738dbd61ccadc718ca7
>>> Author: Ron Barber <rb...@yahoo-inc.com>
>>> Date: 2014-01-20T17:30:20Z
>>>
>>> TS-612 ATS does not allow password protected certificates
>>>
>>> ----
>>>
>>>
>>
>>+#if defined(linux)
>>+ env = environ;
>>+#elif defined(darwin)
>>+ env = *_NSGetEnviron();
>>+#endif
>>+
>>
>>This seems *very* limiting. we support more than those two platforms.
>>If memory serves me right, all others should support environ, BUT
>>Why would you want to use the environment anyway? You want to use
>>a fully-qualified path one way or another and not depend on the
>>environment.
>>
>>My suggestion is to pass an empty environment.
>
>In creating ink_popen I was trying to replicate much of the
>functionality
>of popen. Since popen forks the parent, the parents environment will
>be
>available to the child process. For this use-case, passing a NULL
>environment might be ok, but then again it's possible the pass phrase
>program/script needs something from the environment. Other use-cases
>might need the environment passed to it so I don't see the harm in it.
>
>It does seem like I should change the code as below to cover all
>non-darwin cases:
>+#if defined(darwin)
>+ env = *_NSGetEnviron();
>+#else
>+ env = environ;
>+#endif
>+
>
>
>-Ron
>
>>
>>--
>>Igor Galić
>>
>>Tel: +43 (0) 664 886 22 883
>>Mail: i.galic@brainsware.org
>>URL: http://brainsware.org/
>>GPG: 8716 7A9F 989B ABD5 100F 4008 F266 55D6 2998 1641
>>
--
Sent from my phone. Please excuse my brevity.
Re: trafficserver pull request: TS-612 ATS does not allow password
protected ce...
Posted by James Peach <jp...@apache.org>.
On Jan 21, 2014, at 9:19 AM, Ron Barber <rb...@yahoo-inc.com> wrote:
>
>
> On 1/21/14, 10:57 AM, "Igor Galić" <i....@brainsware.org> wrote:
>
>>
>>
>> ----- Original Message -----
>>> GitHub user rwbarber2 opened a pull request:
>>>
>>> https://github.com/apache/trafficserver/pull/34
>>>
>>> TS-612 ATS does not allow password protected certificates
>>>
>>> First attempt at using git to create a pull request..please forgive
>>> ignorance if I did it wrong..
>>>
>>> Added ink_process.cc with ink_popen() & ink_pclose() functions
>>> (which use
>>> posix_spawn) to execute the pass phrase dialog program.
>>>
>>>
>>> You can merge this pull request into a Git repository by running:
>>>
>>> $ git pull https://github.com/rwbarber2/trafficserver master
>>>
>>> Alternatively you can review and apply these changes as the patch at:
>>>
>>> https://github.com/apache/trafficserver/pull/34.patch
>>>
>>> ----
>>> commit 08a676e4253975c56620b738dbd61ccadc718ca7
>>> Author: Ron Barber <rb...@yahoo-inc.com>
>>> Date: 2014-01-20T17:30:20Z
>>>
>>> TS-612 ATS does not allow password protected certificates
>>>
>>> ----
>>>
>>>
>>
>> +#if defined(linux)
>> + env = environ;
>> +#elif defined(darwin)
>> + env = *_NSGetEnviron();
>> +#endif
>> +
>>
>> This seems *very* limiting. we support more than those two platforms.
>> If memory serves me right, all others should support environ, BUT
>> Why would you want to use the environment anyway? You want to use
>> a fully-qualified path one way or another and not depend on the
>> environment.
>>
>> My suggestion is to pass an empty environment.
>
> In creating ink_popen I was trying to replicate much of the functionality
> of popen. Since popen forks the parent, the parents environment will be
> available to the child process. For this use-case, passing a NULL
> environment might be ok, but then again it's possible the pass phrase
> program/script needs something from the environment. Other use-cases
> might need the environment passed to it so I don't see the harm in it.
One reason to pass the environment down might be to preserve records.config override variables
https://trafficserver.readthedocs.org/en/latest/reference/configuration/records.config.en.html#environment-overrides
Re: trafficserver pull request: TS-612 ATS does not allow password
protected ce...
Posted by Ron Barber <rb...@yahoo-inc.com>.
On 1/21/14, 10:57 AM, "Igor Galić" <i....@brainsware.org> wrote:
>
>
>----- Original Message -----
>> GitHub user rwbarber2 opened a pull request:
>>
>> https://github.com/apache/trafficserver/pull/34
>>
>> TS-612 ATS does not allow password protected certificates
>>
>> First attempt at using git to create a pull request..please forgive
>> ignorance if I did it wrong..
>>
>> Added ink_process.cc with ink_popen() & ink_pclose() functions
>>(which use
>> posix_spawn) to execute the pass phrase dialog program.
>>
>>
>> You can merge this pull request into a Git repository by running:
>>
>> $ git pull https://github.com/rwbarber2/trafficserver master
>>
>> Alternatively you can review and apply these changes as the patch at:
>>
>> https://github.com/apache/trafficserver/pull/34.patch
>>
>> ----
>> commit 08a676e4253975c56620b738dbd61ccadc718ca7
>> Author: Ron Barber <rb...@yahoo-inc.com>
>> Date: 2014-01-20T17:30:20Z
>>
>> TS-612 ATS does not allow password protected certificates
>>
>> ----
>>
>>
>
>+#if defined(linux)
>+ env = environ;
>+#elif defined(darwin)
>+ env = *_NSGetEnviron();
>+#endif
>+
>
>This seems *very* limiting. we support more than those two platforms.
>If memory serves me right, all others should support environ, BUT
>Why would you want to use the environment anyway? You want to use
>a fully-qualified path one way or another and not depend on the
>environment.
>
>My suggestion is to pass an empty environment.
In creating ink_popen I was trying to replicate much of the functionality
of popen. Since popen forks the parent, the parents environment will be
available to the child process. For this use-case, passing a NULL
environment might be ok, but then again it's possible the pass phrase
program/script needs something from the environment. Other use-cases
might need the environment passed to it so I don't see the harm in it.
It does seem like I should change the code as below to cover all
non-darwin cases:
+#if defined(darwin)
+ env = *_NSGetEnviron();
+#else
+ env = environ;
+#endif
+
-Ron
>
>--
>Igor Galić
>
>Tel: +43 (0) 664 886 22 883
>Mail: i.galic@brainsware.org
>URL: http://brainsware.org/
>GPG: 8716 7A9F 989B ABD5 100F 4008 F266 55D6 2998 1641
>
Re: trafficserver pull request: TS-612 ATS does not allow password
protected ce...
Posted by Igor Galić <i....@brainsware.org>.
----- Original Message -----
> GitHub user rwbarber2 opened a pull request:
>
> https://github.com/apache/trafficserver/pull/34
>
> TS-612 ATS does not allow password protected certificates
>
> First attempt at using git to create a pull request..please forgive
> ignorance if I did it wrong..
>
> Added ink_process.cc with ink_popen() & ink_pclose() functions (which use
> posix_spawn) to execute the pass phrase dialog program.
>
>
> You can merge this pull request into a Git repository by running:
>
> $ git pull https://github.com/rwbarber2/trafficserver master
>
> Alternatively you can review and apply these changes as the patch at:
>
> https://github.com/apache/trafficserver/pull/34.patch
>
> ----
> commit 08a676e4253975c56620b738dbd61ccadc718ca7
> Author: Ron Barber <rb...@yahoo-inc.com>
> Date: 2014-01-20T17:30:20Z
>
> TS-612 ATS does not allow password protected certificates
>
> ----
>
>
+#if defined(linux)
+ env = environ;
+#elif defined(darwin)
+ env = *_NSGetEnviron();
+#endif
+
This seems *very* limiting. we support more than those two platforms.
If memory serves me right, all others should support environ, BUT
Why would you want to use the environment anyway? You want to use
a fully-qualified path one way or another and not depend on the
environment.
My suggestion is to pass an empty environment.
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
GPG: 8716 7A9F 989B ABD5 100F 4008 F266 55D6 2998 1641