Posted to commits@trafficserver.apache.org by sh...@apache.org on 2016/07/25 20:46:17 UTC

[trafficserver] 01/01: TS-4671: Allow for multicert line with action specified but not ssl_cert_name.

This is an automated email from the ASF dual-hosted git repository.

shinrich pushed a commit to branch ts-4679
in repository https://git-dual.apache.org/repos/asf/trafficserver.git

commit 64d4894a94d8eb06017001240a42018a91bd700c
Author: shinrich <sh...@ieee.org>
AuthorDate: Mon Jul 18 13:39:03 2016 -0500

    TS-4671: Allow for multicert line with action specified but not ssl_cert_name.
---
 iocore/net/SSLUtils.cc | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 9963a8d..f6e646b 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1583,7 +1583,10 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config &sslMu
     SSL_CTX_set_default_passwd_cb_userdata(ctx, &ud);
   }
 
-  if (sslMultCertSettings.cert) {
+  if (!sslMultCertSettings.cert && sslMultCertSettings.opt != SSLCertContext::OPT_TUNNEL) {
+    Warning("No ssl_cert_name specified and no tunnel action set");
+    goto fail;
+  } else if (sslMultCertSettings.cert) {
     SimpleTokenizer cert_tok((const char *)sslMultCertSettings.cert, SSL_CERT_SEPARATE_DELIM);
     SimpleTokenizer key_tok((sslMultCertSettings.key ? (const char *)sslMultCertSettings.key : ""), SSL_CERT_SEPARATE_DELIM);
 
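Review bot: The new `Warning("No ssl_cert_name specified and no tunnel action set");` hard-codes the tag name and gives no hint which multicert line was rejected, so an operator with many lines cannot tell which one failed to load. The check this replaces (removed in the ssl_extract_certificate hunk) named the tag through `SSL_CERT_TAG`. Assuming that macro is visible at this point in the file, `Warning("No %s specified and no tunnel action set", SSL_CERT_TAG);` keeps the message tied to the config keyword. The `else` in front of `if (sslMultCertSettings.cert)` is also redundant after `goto fail`. SSLInitServerContext continues outside the hunk, so what a certificate-less tunnel context passes through afterwards cannot be checked from here.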
@@ -1888,7 +1891,7 @@ ssl_store_ssl_context(const SSLConfigParams *params, SSLCertLookup *lookup, cons
 
       if (ats_ip_pton(sslMultCertSettings.addr, &ep) == 0) {
         Debug("ssl", "mapping '%s' to certificate %s", (const char *)sslMultCertSettings.addr, (const char *)certname);
-        if (certname != NULL && lookup->insert(ep, SSLCertContext(ctx, sslMultCertSettings.opt, keyblock)) >= 0) {
+        if (lookup->insert(ep, SSLCertContext(ctx, sslMultCertSettings.opt, keyblock)) >= 0) {
           inserted = true;
         }
       } else {
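Review bot: With the `certname != NULL` guard gone, the `Debug("ssl", "mapping '%s' to certificate %s", ...)` call just above the insert can now run with a null `certname` and still hands it to `%s`. Assuming Debug forwards to a printf-style formatter, that is undefined behaviour for a tunnel-only line. Passing `certname ? (const char *)certname : "(none)"` for the last argument would keep the log line safe. The insert now also depends entirely on SSLInitServerContext having rejected lines with neither a certificate nor a tunnel action, so a one-line comment here saying so would help the next reader. Where `certname` is assigned is outside the hunk, so the null case is inferred from the commit's intent.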
@@ -2009,10 +2012,8 @@ ssl_extract_certificate(const matcher_line *line_info, ssl_user_config &sslMultC
       }
     }
   }
-  if (!sslMultCertSettings.cert) {
-    Warning("missing %s tag", SSL_CERT_TAG);
-    return false;
-  } else {
+  // TS-4679:  It is ok to be missing the cert.  At least if the action is set to tunnel
+  if (sslMultCertSettings.cert) {
     SimpleTokenizer cert_tok(sslMultCertSettings.cert, SSL_CERT_SEPARATE_DELIM);
     const char *first_cert = cert_tok.getNext();
     if (first_cert) {
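Review bot: The added comment cites TS-4679 while the commit title cites TS-4671, and "At least if the action is set to tunnel" does not say where that condition is enforced. As written, ssl_extract_certificate now accepts a line that has neither a certificate nor a tunnel action, and the rejection happens later in SSLInitServerContext. I would reword the comment along the lines of `// <issue id>: a missing ssl_cert_name is accepted here; SSLInitServerContext rejects the line unless the action is tunnel.` with the correct issue id filled in. The function body continues past the end of the hunk.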
