Posted to commits@trafficserver.apache.org by zw...@apache.org on 2017/03/15 15:09:14 UTC
[trafficserver] branch 7.1.x updated: client cert should be added
to netvcoptions only when needed
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/7.1.x by this push:
new 3496333 client cert should be added to netvcoptions only when needed
3496333 is described below
commit 34963335f199cb6868affb6e1a23d486947fde14
Author: Persia Aziz <pe...@yahoo-inc.com>
AuthorDate: Mon Feb 27 12:41:25 2017 -0600
client cert should be added to netvcoptions only when needed
(cherry picked from commit a37401bda5cfad8ce90477f1875754aeab172522)
---
proxy/http/HttpSM.cc | 28 ++++++++++++----------------
1 file changed, 12 insertions(+), 16 deletions(-)
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index de4b87b..c74d888 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -4020,7 +4020,6 @@ HttpSM::do_remap_request(bool run_inline)
{
DebugSM("http_seq", "[HttpSM::do_remap_request] Remapping request");
DebugSM("url_rewrite", "Starting a possible remapping for request [%" PRId64 "]", sm_id);
- SSLConfig::scoped_config params;
bool ret = false;
if (t_state.cop_test_page == false) {
ret = remapProcessor.setup_for_remap(&t_state);
@@ -4061,20 +4060,6 @@ HttpSM::do_remap_request(bool run_inline)
pending_action = remap_action_handle;
}
- // check if the overridden client cert filename is already attached to an existing ssl context
- if (t_state.txn_conf->client_cert_filepath && t_state.txn_conf->client_cert_filename) {
- ats_scoped_str clientCert(Layout::relative_to(t_state.txn_conf->client_cert_filepath, t_state.txn_conf->client_cert_filename));
- if (clientCert != nullptr) {
- auto tCTX = params->getCTX(clientCert);
-
- if (tCTX == nullptr) {
- // make new client ctx and add it to the ctx list
- auto tctx = params->getNewCTX(clientCert);
- params->InsertCTX(clientCert, tctx);
- }
- }
- }
-
return;
}
@@ -5049,10 +5034,21 @@ HttpSM::do_http_server_open(bool raw)
if (host && len > 0) {
opt.set_sni_servername(host, len);
}
+
+ SSLConfig::scoped_config params;
+ // check if the overridden client cert filename is already attached to an existing ssl context
if (t_state.txn_conf->client_cert_filepath && t_state.txn_conf->client_cert_filename) {
ats_scoped_str clientCert(
- (Layout::relative_to(t_state.txn_conf->client_cert_filepath, t_state.txn_conf->client_cert_filename)));
+ Layout::relative_to(t_state.txn_conf->client_cert_filepath, t_state.txn_conf->client_cert_filename));
if (clientCert != nullptr) {
+ auto tCTX = params->getCTX(clientCert);
+
+ if (tCTX == nullptr) {
+ // make new client ctx and add it to the ctx list
+ Debug("ssl", "adding new cert for client cert %s", (char *)clientCert);
+ auto tctx = params->getNewCTX(clientCert);
+ params->InsertCTX(clientCert, tctx);
+ }
opt.set_client_certname(clientCert);
}
}
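Review bot: The result of `params->getNewCTX(clientCert)` is passed straight to `InsertCTX`, and `opt.set_client_certname(clientCert)` still runs afterwards, so a certificate that fails to load (getNewCTX's failure behaviour is not visible here) could leave a null context cached and the origin connection set up without the intended client certificate. Guard the insert with `if (tctx != nullptr) { params->InsertCTX(clientCert, tctx); }` and log the failure at error level. The `getCTX`/`InsertCTX` pair is also a check-then-insert that now runs on every origin connection, so two transactions with the same override may both build a context unless InsertCTX serialises this, which the hunk does not show. `SSLConfig::scoped_config params;` could move inside the `if` so the config is only acquired when an override is set. The body of do_http_server_open starts and ends outside this hunk.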