Posted to commits@trafficserver.apache.org by sh...@apache.org on 2019/06/05 16:14:53 UTC
[trafficserver] branch master updated: Preserve ticket key data
specified by TSSslTicketKeyUpdate.
This is an automated email from the ASF dual-hosted git repository.
shinrich pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 84efa23 Preserve ticket key data specified by TSSslTicketKeyUpdate.
84efa23 is described below
commit 84efa23e1941289e478dd218db4200da71d40854
Author: Susan Hinrichs <sh...@oath.com>
AuthorDate: Wed May 29 14:56:25 2019 +0000
Preserve ticket key data specified by TSSslTicketKeyUpdate.
---
iocore/net/P_SSLConfig.h | 2 +-
iocore/net/SSLConfig.cc | 20 +++++++++++++++-----
2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/iocore/net/P_SSLConfig.h b/iocore/net/P_SSLConfig.h
index 098d923..3749a76 100644
--- a/iocore/net/P_SSLConfig.h
+++ b/iocore/net/P_SSLConfig.h
@@ -174,7 +174,7 @@ struct SSLTicketParams : public ConfigInfo {
ssl_ticket_key_block *default_global_keyblock = nullptr;
time_t load_time = 0;
char *ticket_key_filename;
- bool LoadTicket();
+ bool LoadTicket(bool &nochange);
void LoadTicketData(char *ticket_data, int ticket_data_len);
void cleanup();
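Review bot: The new `bool &nochange` out-parameter on `LoadTicket` is undocumented, and its contract cannot be read from the signature. Judging by the SSLConfig.cc hunks, a `true` return with `nochange == true` means the object never had `default_global_keyblock` assigned (and `cleanup()` has already run), so the caller has to discard it rather than install it. I would add above the declaration `// Returns false on load failure. On success, nochange == true means the current keys were kept; this object then holds no keyblock and must not be installed.` A three-valued enum return would make that misuse harder than a bool plus an out-parameter.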
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index eada98d..6097d17 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -558,9 +558,10 @@ SSLCertificateConfig::release(SSLCertLookup *lookup)
}
bool
-SSLTicketParams::LoadTicket()
+SSLTicketParams::LoadTicket(bool &nochange)
{
cleanup();
+ nochange = true;
#if TS_HAVE_OPENSSL_SESSION_TICKETS
ssl_ticket_key_block *keyblock = nullptr;
@@ -572,7 +573,7 @@ SSLTicketParams::LoadTicket()
SSLTicketKeyConfig::scoped_config ticket_params;
if (ticket_params) {
last_load_time = ticket_params->load_time;
- no_default_keyblock = ticket_params->default_global_keyblock != nullptr;
+ no_default_keyblock = ticket_params->default_global_keyblock == nullptr;
}
if (REC_ReadConfigStringAlloc(ticket_key_filename, "proxy.config.ssl.server.ticket_key.filename") == REC_ERR_OKAY &&
@@ -584,22 +585,25 @@ SSLTicketParams::LoadTicket()
if (sdata.st_mtime && sdata.st_mtime <= last_load_time) {
Debug("ssl", "ticket key %s has not changed", ticket_key_filename);
// No updates since last load
- return false;
+ return true;
}
}
+ nochange = false;
keyblock = ssl_create_ticket_keyblock(ticket_key_path);
// Initialize if we don't have one yet
} else if (no_default_keyblock) {
+ nochange = false;
keyblock = ssl_create_ticket_keyblock(nullptr);
} else {
// No need to update. Keep the previous ticket param
- return false;
+ return true;
}
if (!keyblock) {
Error("Could not load ticket key from %s", ticket_key_filename);
return false;
}
default_global_keyblock = keyblock;
+ load_time = time(NULL);
Debug("ssl", "ticket key reloaded from %s", ticket_key_filename);
return true;
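Review bot: Recording `load_time = time(NULL);` after the key file has been read, and later testing `sdata.st_mtime <= last_load_time`, can skip a real key rotation. A key file written between the read and the `time()` call, or within the same second, has an mtime that is not newer than `load_time`. So does a file delivered by a tool that preserves an older mtime. In each case the file is reported as "has not changed" on every later reconfigure, and the old session-ticket keys stay in service. For the file-backed branch I would store the mtime that was actually observed, e.g. `load_time = sdata.st_mtime;` (if `sdata` is in scope there; its declaration is outside the hunk), and compare with `!=` rather than `<=`. The function body continues outside this hunk on both sides. Separately, `nullptr` would match the rest of the file better than `NULL`.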
@@ -638,10 +642,16 @@ SSLTicketKeyConfig::reconfigure()
SSLTicketParams *ticketKey = new SSLTicketParams();
if (ticketKey) {
- if (!ticketKey->LoadTicket()) {
+ bool nochange = false;
+ if (!ticketKey->LoadTicket(nochange)) {
delete ticketKey;
return false;
}
+ // Nothing updated, leave the original configuration
+ if (nochange) {
+ delete ticketKey;
+ return true;
+ }
}
configid = configProcessor.set(configid, ticketKey);
return true;