You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2017/05/31 19:56:23 UTC
[trafficserver] branch master updated: Changes the default for
proxy.config.ssl.server.multicert.exit_on_load_fail
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 4704525 Changes the default for proxy.config.ssl.server.multicert.exit_on_load_fail
4704525 is described below
commit 4704525a6f9b7ba4cc79b56fd58958dcb83f3225
Author: Leif Hedstrom <zw...@apache.org>
AuthorDate: Thu May 25 10:14:41 2017 -0600
Changes the default for proxy.config.ssl.server.multicert.exit_on_load_fail
This restores the old (and IMO expected) behavior of how we don't allow
bad configurations to be reloaded / replaced. We've had a case where
all certificates were lost for a small period of time, and an unrelated
config reload happening at the same time caused us to lose all certificates.
---
iocore/net/SSLConfig.cc | 2 +-
mgmt/RecordsConfig.cc | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index 093ebe8..343b3d9 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -101,7 +101,7 @@ SSLConfigParams::reset()
ssl_session_cache_skip_on_contention = 0;
ssl_session_cache_timeout = 0;
ssl_session_cache_auto_clear = 1;
- configExitOnLoadError = 0;
+ configExitOnLoadError = 1;
}
void
diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index cf36d02..8ecd3ee 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -1148,7 +1148,7 @@ static const RecordElement RecordsConfig[] =
,
{RECT_CONFIG, "proxy.config.ssl.server.multicert.filename", RECD_STRING, "ssl_multicert.config", RECU_RESTART_TS, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
,
- {RECT_CONFIG, "proxy.config.ssl.server.multicert.exit_on_load_fail", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_NULL, "[0-1]", RECA_NULL}
+ {RECT_CONFIG, "proxy.config.ssl.server.multicert.exit_on_load_fail", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_NULL, "[0-1]", RECA_NULL}
,
{RECT_CONFIG, "proxy.config.ssl.server.ticket_key.filename", RECD_STRING, nullptr, RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
,
--
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <co...@trafficserver.apache.org>'].