You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by bc...@apache.org on 2019/01/11 01:07:53 UTC
[trafficserver] branch master updated: Calls SSL child config
callback after cert is loaded for both key parts
This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 9c49e84 Calls SSL child config callback after cert is loaded for both key parts
9c49e84 is described below
commit 9c49e84dbbd34e6d24fd4a522699d10dc5e88fab
Author: Randall Meyer <ra...@yahoo.com>
AuthorDate: Tue Jan 8 12:48:13 2019 -0800
Calls SSL child config callback after cert is loaded for both key parts
This plays nicer with filesystems who's mtime can change on file read
---
iocore/net/SSLUtils.cc | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index d0ae283..7c9fbaf 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1738,10 +1738,7 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config *sslMu
X509_free(cert);
goto fail;
}
- certList.push_back(cert);
- if (SSLConfigParams::load_ssl_file_cb) {
- SSLConfigParams::load_ssl_file_cb(completeServerCertPath.c_str(), CONFIG_FLAG_UNVERSIONED);
- }
+
// Load up any additional chain certificates
SSL_CTX_add_extra_chain_cert_bio(ctx, bio);
@@ -1750,6 +1747,11 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config *sslMu
goto fail;
}
+ certList.push_back(cert);
+ if (SSLConfigParams::load_ssl_file_cb) {
+ SSLConfigParams::load_ssl_file_cb(completeServerCertPath.c_str(), CONFIG_FLAG_UNVERSIONED);
+ }
+
// Must load all the intermediate certificates before starting the next chain
// First, load any CA chains from the global chain file. This should probably