You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2019/02/04 23:57:38 UTC
[trafficserver] branch 8.0.x updated: Calls SSL child config
callback after cert is loaded for both key parts
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/8.0.x by this push:
new 57231ca Calls SSL child config callback after cert is loaded for both key parts
57231ca is described below
commit 57231cad6717e40f5155ded40b99248ea0cc239b
Author: Randall Meyer <ra...@yahoo.com>
AuthorDate: Tue Jan 8 12:48:13 2019 -0800
Calls SSL child config callback after cert is loaded for both key parts
This plays nicer with filesystems who's mtime can change on file read
(cherry picked from commit 9c49e84dbbd34e6d24fd4a522699d10dc5e88fab)
---
iocore/net/SSLUtils.cc | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 6c4643a..67aea04 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1700,10 +1700,7 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config *sslMu
X509_free(cert);
goto fail;
}
- certList.push_back(cert);
- if (SSLConfigParams::load_ssl_file_cb) {
- SSLConfigParams::load_ssl_file_cb(completeServerCertPath.c_str(), CONFIG_FLAG_UNVERSIONED);
- }
+
// Load up any additional chain certificates
SSL_CTX_add_extra_chain_cert_bio(ctx, bio);
@@ -1712,6 +1709,11 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config *sslMu
goto fail;
}
+ certList.push_back(cert);
+ if (SSLConfigParams::load_ssl_file_cb) {
+ SSLConfigParams::load_ssl_file_cb(completeServerCertPath.c_str(), CONFIG_FLAG_UNVERSIONED);
+ }
+
// Must load all the intermediate certificates before starting the next chain
// First, load any CA chains from the global chain file. This should probably