You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@trafficserver.apache.org by zw...@apache.org on 2017/05/31 19:56:23 UTC

[trafficserver] branch master updated: Changes the default for proxy.config.ssl.server.multicert.exit_on_load_fail

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

The following commit(s) were added to refs/heads/master by this push:
       new  4704525   Changes the default for proxy.config.ssl.server.multicert.exit_on_load_fail
4704525 is described below

commit 4704525a6f9b7ba4cc79b56fd58958dcb83f3225
Author: Leif Hedstrom <zw...@apache.org>
AuthorDate: Thu May 25 10:14:41 2017 -0600

    Changes the default for proxy.config.ssl.server.multicert.exit_on_load_fail
    
    This restores the old (and IMO expected) behavior of how we don't allow
    bad configurations to be reloaded / replaced. We've had a case where
    all certificates were lost for a small period of time, and an unrelated
    config reload happening at the same time caused us to lose all certificates.
---
 iocore/net/SSLConfig.cc | 2 +-
 mgmt/RecordsConfig.cc   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index 093ebe8..343b3d9 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -101,7 +101,7 @@ SSLConfigParams::reset()
   ssl_session_cache_skip_on_contention = 0;
   ssl_session_cache_timeout            = 0;
   ssl_session_cache_auto_clear         = 1;
-  configExitOnLoadError                = 0;
+  configExitOnLoadError                = 1;
 }
 
 void
diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index cf36d02..8ecd3ee 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -1148,7 +1148,7 @@ static const RecordElement RecordsConfig[] =
   ,
   {RECT_CONFIG, "proxy.config.ssl.server.multicert.filename", RECD_STRING, "ssl_multicert.config", RECU_RESTART_TS, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
   ,
-  {RECT_CONFIG, "proxy.config.ssl.server.multicert.exit_on_load_fail", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_NULL, "[0-1]", RECA_NULL}
+  {RECT_CONFIG, "proxy.config.ssl.server.multicert.exit_on_load_fail", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_NULL, "[0-1]", RECA_NULL}
   ,
   {RECT_CONFIG, "proxy.config.ssl.server.ticket_key.filename", RECD_STRING, nullptr, RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
   ,

-- 
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <co...@trafficserver.apache.org>'].