Posted to commits@trafficserver.apache.org by sh...@apache.org on 2016/07/25 20:46:17 UTC
[trafficserver] 01/01: TS-4671: Allow for multicert line with
action specified but not ssl_cert_name.
This is an automated email from the ASF dual-hosted git repository.
shinrich pushed a commit to branch ts-4679
in repository https://git-dual.apache.org/repos/asf/trafficserver.git
commit 64d4894a94d8eb06017001240a42018a91bd700c
Author: shinrich <sh...@ieee.org>
AuthorDate: Mon Jul 18 13:39:03 2016 -0500
TS-4671: Allow for multicert line with action specified but not ssl_cert_name.
---
iocore/net/SSLUtils.cc | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 9963a8d..f6e646b 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1583,7 +1583,10 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config &sslMu
SSL_CTX_set_default_passwd_cb_userdata(ctx, &ud);
}
- if (sslMultCertSettings.cert) {
+ if (!sslMultCertSettings.cert && sslMultCertSettings.opt != SSLCertContext::OPT_TUNNEL) {
+ Warning("No ssl_cert_name specified and no tunnel action set");
+ goto fail;
+ } else if (sslMultCertSettings.cert) {
SimpleTokenizer cert_tok((const char *)sslMultCertSettings.cert, SSL_CERT_SEPARATE_DELIM);
SimpleTokenizer key_tok((sslMultCertSettings.key ? (const char *)sslMultCertSettings.key : ""), SSL_CERT_SEPARATE_DELIM);
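Review bot: The new warning in SSLInitServerContext hard-codes the tag name, whereas the message this commit removes from ssl_extract_certificate used `SSL_CERT_TAG`; assuming the macro is visible at this point in the file, `Warning("No %s specified and no tunnel action set", SSL_CERT_TAG);` keeps the text tied to the config keyword. Because the first branch ends in `goto fail`, the `else` in front of `if (sslMultCertSettings.cert)` is redundant and can be dropped. The check fails closed for every action other than `OPT_TUNNEL`, which is the right default for a line with no certificate. The function body continues outside the hunk, so whether later steps still assume a loaded certificate cannot be confirmed from here.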
@@ -1888,7 +1891,7 @@ ssl_store_ssl_context(const SSLConfigParams *params, SSLCertLookup *lookup, cons
if (ats_ip_pton(sslMultCertSettings.addr, &ep) == 0) {
Debug("ssl", "mapping '%s' to certificate %s", (const char *)sslMultCertSettings.addr, (const char *)certname);
- if (certname != NULL && lookup->insert(ep, SSLCertContext(ctx, sslMultCertSettings.opt, keyblock)) >= 0) {
+ if (lookup->insert(ep, SSLCertContext(ctx, sslMultCertSettings.opt, keyblock)) >= 0) {
inserted = true;
}
} else {
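Review bot: With the `certname != NULL` guard removed from the `lookup->insert` condition, the `Debug` call directly above it is now reached on an expected path where `certname` may be null (a tunnel line without ssl_cert_name), and a null pointer passed for `%s` is undefined behaviour in printf-style formatting. The log argument could be guarded, for example `certname != NULL ? (const char *)certname : "(none)"`. Whether `Debug` tolerates a null string depends on its implementation, which is not visible here. The `else` branch that follows continues outside the hunk and may need the same treatment if it also logs `certname`.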
@@ -2009,10 +2012,8 @@ ssl_extract_certificate(const matcher_line *line_info, ssl_user_config &sslMultC
}
}
}
- if (!sslMultCertSettings.cert) {
- Warning("missing %s tag", SSL_CERT_TAG);
- return false;
- } else {
+ // TS-4679: It is ok to be missing the cert. At least if the action is set to tunnel
+ if (sslMultCertSettings.cert) {
SimpleTokenizer cert_tok(sslMultCertSettings.cert, SSL_CERT_SEPARATE_DELIM);
const char *first_cert = cert_tok.getNext();
if (first_cert) {
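Review bot: The added comment cites TS-4679 while the commit subject cites TS-4671, so one of the two ticket ids should be corrected. The comment also says a missing cert is fine "at least if the action is set to tunnel", but ssl_extract_certificate no longer checks anything here; per the first hunk, the rejection now happens in SSLInitServerContext. Stating that makes it clear the validation was moved rather than dropped, e.g. `// A missing ssl_cert_name is accepted at parse time; SSLInitServerContext rejects the line unless the action is tunnel.` The function body starts and ends outside the hunk.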