You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by shinrich <gi...@git.apache.org> on 2016/08/11 22:19:31 UTC

[GitHub] trafficserver pull request #853: TS-4619: intermediate chain loading can mis...

GitHub user shinrich opened a pull request:

    https://github.com/apache/trafficserver/pull/853

    TS-4619: intermediate chain loading can miss certificates.

    Made the changes @jpeach suggested in the bug.  Tested with three deep chains for rsa and ec (cert and two signers).  Tested with both signers in the ssl_ca_name files.  Tested with all three certs in the ssl_cert_name file.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/shinrich/trafficserver ts-4619

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/trafficserver/pull/853.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #853
    
----
commit 0ea0f210d8e0cda1e58d807a9884f7ec81f25c75
Author: shinrich <sh...@ieee.org>
Date:   2016-08-11T22:16:17Z

    TS-4619: intermediate chain loading can miss certificates.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] trafficserver issue #853: TS-4619: intermediate chain loading can miss certi...

Posted by atsci <gi...@git.apache.org>.

Github user atsci commented on the issue:

    https://github.com/apache/trafficserver/pull/853
  
    Linux build *successful*! See https://ci.trafficserver.apache.org/job/Github-Linux/418/ for details.
     



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] trafficserver issue #853: TS-4619: intermediate chain loading can miss certi...

Posted by jpeach <gi...@git.apache.org>.

Github user jpeach commented on the issue:

    https://github.com/apache/trafficserver/pull/853
  
    Is ``SSL_add1_chain_cert`` different from ``SSL_add0_chain_cert``?
    
    This looks good to me \U0001f44d 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] trafficserver issue #853: TS-4619: intermediate chain loading can miss certi...

Posted by shinrich <gi...@git.apache.org>.

Github user shinrich commented on the issue:

    https://github.com/apache/trafficserver/pull/853
  
    The add1 version increments the reference count of the certificate, The add0 version doesn't, so it effectively takes ownership of the reference you pass in.  From the man page
    
    "All these functions are implemented as macros. Those containing a 1 increment the reference count of the supplied certificate or chain so it must be freed at some point after the operation. Those containing a 0 do not increment reference counts and the supplied certificate or chain MUST NOT be freed after the operation."


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] trafficserver pull request #853: TS-4619: intermediate chain loading can mis...

Posted by shinrich <gi...@git.apache.org>.

Github user shinrich closed the pull request at:

    https://github.com/apache/trafficserver/pull/853


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---