You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Bryan Call (JIRA)" <ji...@apache.org> on 2016/08/16 18:11:20 UTC
[jira] [Commented] (TS-2967) Failed assert if ssl_multicert.config
doesn't exist
[ https://issues.apache.org/jira/browse/TS-2967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15423175#comment-15423175 ]
Bryan Call commented on TS-2967:
--------------------------------
[~nottheoilrig]
Please create a pull request for this.
> Failed assert if ssl_multicert.config doesn't exist
> ---------------------------------------------------
>
> Key: TS-2967
> URL: https://issues.apache.org/jira/browse/TS-2967
> Project: Traffic Server
> Issue Type: Bug
> Components: Configuration, SSL
> Reporter: Jack Bates
> Assignee: Susan Hinrichs
> Labels: newbie
> Fix For: sometime
>
>
> If an ssl_multicert.config file doesn't exist then SSLParseCertificateConfiguration() returns false (SSLUtils.cc line 1435)
> and SSLCertificateConfig::reconfigure() doesn't initialize configid (SSLConfig.cc line 333)
> Then when SSLRecRawStatSyncCount() calls SSLCertificateConfig::acquire() (SSLUtils.cc line 502)
> it calls ConfigProcessor::get() with configid zero (SSLConfig.cc line 342)
> and there's an ink_assert(id != 0) (ProxyConfig.cc line 175)
> One way to avoid the failed assert is if SSLCertificateConfig::acquire() and SSLCertificateConfig::release() only call ConfigProcessor::get/release() if (configid !=0)
> Another way might be if SSLCertificateConfig::reconfigure() initialized configid with configProcessor.set(configid, NULL) if SSLParseCertificateConfiguration() returns false?
> Or SSLParseCertificateConfiguration() could treat a nonexistent ssl_multicert.config the same as it treats a blank file? ({{touch ssl_multicert.config}} makes the failed assert go away.)
> Or maybe there's another better way to avoid the failed assert?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)