Posted to commits@trafficserver.apache.org by sh...@apache.org on 2015/01/23 15:37:23 UTC
trafficserver git commit: TS-3243: Remove warnings while loading
certificates with duplicate names.
Repository: trafficserver
Updated Branches:
refs/heads/master abe603564 -> 4f043934c
TS-3243: Remove warnings while loading certificates with duplicate names.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/4f043934
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/4f043934
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/4f043934
Branch: refs/heads/master
Commit: 4f043934c5d8e56e2ea6fa8f88badb7345e37d1c
Parents: abe6035
Author: shinrich <sh...@yahoo-inc.com>
Authored: Fri Jan 23 08:36:45 2015 -0600
Committer: shinrich <sh...@yahoo-inc.com>
Committed: Fri Jan 23 08:36:45 2015 -0600
----------------------------------------------------------------------
CHANGES | 3 +++
iocore/net/SSLUtils.cc | 14 +++++++++-----
2 files changed, 12 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/4f043934/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 8022ffe..48f10e6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache Traffic Server 5.3.0
+ *) [TS-3243] Removing warnings from loading certificates with duplicated
+ names.
+
*) [TS-3316] Fix the build for 32 bit architectures.
*) [TS-3100] Extend tr-pass to allow malformed HTTP GET requested to be blind
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/4f043934/iocore/net/SSLUtils.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 536d656..7c52234 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1568,6 +1568,7 @@ ssl_index_certificate(SSLCertLookup * lookup, SSLCertContext const& cc, const ch
// Insert a key for the subject CN.
subject = X509_get_subject_name(cert);
+ ats_scoped_str subj_name;
if (subject) {
int pos = -1;
for (;;) {
@@ -1578,10 +1579,10 @@ ssl_index_certificate(SSLCertLookup * lookup, SSLCertContext const& cc, const ch
X509_NAME_ENTRY * e = X509_NAME_get_entry(subject, pos);
ASN1_STRING * cn = X509_NAME_ENTRY_get_data(e);
- ats_scoped_str name(asn1_strdup(cn));
+ subj_name = asn1_strdup(cn);
- Debug("ssl", "mapping '%s' to certificate %s", (const char *) name, certfile);
- lookup->insert(name, cc);
+ Debug("ssl", "mapping '%s' to certificate %s", (const char *) subj_name, certfile);
+ lookup->insert(subj_name, cc);
}
}
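Review bot: `subj_name` is overwritten on every pass of the CN loop, so when a subject carries several CN entries only the last one is remembered for the later SAN comparison, and a SAN equal to an earlier CN would still be inserted a second time. If that case matters, the duplicate check belongs closer to `lookup->insert`; otherwise a comment at the declaration such as `// last subject CN seen; compared against SAN dNSName entries below` would make the limitation explicit. The loop begins outside this hunk.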
@@ -1596,8 +1597,11 @@ ssl_index_certificate(SSLCertLookup * lookup, SSLCertContext const& cc, const ch
name = sk_GENERAL_NAME_value(names, i);
if (name->type == GEN_DNS) {
ats_scoped_str dns(asn1_strdup(name->d.dNSName));
- Debug("ssl", "mapping '%s' to certificate %s", (const char *) dns, certfile);
- lookup->insert(dns, cc);
+ // only try to insert if the alternate name is not the main name
+ if (strcmp(dns, subj_name) != 0) {
+ Debug("ssl", "mapping '%s' to certificate %s", (const char *) dns, certfile);
+ lookup->insert(dns, cc);
+ }
}
}
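Review bot: The new `strcmp(dns, subj_name)` is reached with `subj_name` still unset when the certificate has no subject or no CN entry, because `subj_name` is assigned only inside the CN loop of the previous hunk; passing a null pointer to strcmp is undefined behaviour and would most likely crash the process while certificates are being loaded. SAN-only certificates are valid, so the guard should cover that case, e.g. `if ((const char *) subj_name == NULL || strcmp(dns, subj_name) != 0) {`. The same concern applies to `dns` if `asn1_strdup` can return null, which is not visible here. The comparison is also case-sensitive, so a SAN that differs from the CN only in letter case is still inserted; whether that still produces the warning depends on how `lookup->insert` normalises names. The function body starts and ends outside the hunk.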