Posted to github@trafficserver.apache.org by GitBox <gi...@apache.org> on 2022/12/07 00:39:16 UTC

[GitHub] [trafficserver] ywkaras commented on a diff in pull request #9230: Fail out when intermediate certificate chain fails to load

ywkaras commented on code in PR #9230:
URL: https://github.com/apache/trafficserver/pull/9230#discussion_r1041626760


##########
iocore/net/SSLUtils.cc:
##########
@@ -2445,6 +2445,8 @@ SSLMultiCertConfigLoader::load_certs(SSL_CTX *ctx, const std::vector<std::string
     // Load up any additional chain certificates
     if (!SSL_CTX_add_extra_chain_cert_bio(ctx, bio.get())) {
       Debug("ssl", "couldn't add chain to %p", ctx);
+      SSLError("failed to load intermediate certificate chain from %s", cert_names_list[i].c_str());
+      return false;
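
Review bot: The new `return false;` in the `SSL_CTX_add_extra_chain_cert_bio` failure branch exits from inside what looks like a per-certificate loop (the message indexes `cert_names_list[i]`), so `ctx` may already carry state from earlier iterations when the function bails out. The hunk does not show what the caller does with `ctx` on a false return; it is worth confirming that the caller discards this context instead of serving with it, on the reload path in particular, and saying so in a short comment here. Separately, the `Debug("ssl", "couldn't add chain to %p", ctx);` line just above now duplicates the new `SSLError` while carrying less information (no file name), so it could be dropped.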

Review Comment:
   Clearly this should be an Error. But, if you look at the call stack this function is at the bottom of, it's not clear whether or not it is better to return false here. I assume none of these errors cause Fatal() calls because of the reload case. TS code tends to avoid exiting on a reload error, without necessarily considering that it may be worse to keep running in a corrupt state.


