You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by sh...@apache.org on 2017/12/15 17:27:24 UTC
[trafficserver] branch master updated: Do not try to load empty
client_cert path.
This is an automated email from the ASF dual-hosted git repository.
shinrich pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new bc37329 Do not try to load empty client_cert path.
bc37329 is described below
commit bc373294952bb5fd88a8f18fd3c8b5e977892a24
Author: Susan Hinrichs <sh...@apache.org>
AuthorDate: Fri Dec 15 15:42:38 2017 +0000
Do not try to load empty client_cert path.
---
iocore/net/SSLClientUtils.cc | 2 +-
iocore/net/SSLConfig.cc | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/iocore/net/SSLClientUtils.cc b/iocore/net/SSLClientUtils.cc
index 2356a06..40dbfda 100644
--- a/iocore/net/SSLClientUtils.cc
+++ b/iocore/net/SSLClientUtils.cc
@@ -148,7 +148,7 @@ SSLInitClientContext(const SSLConfigParams *params)
clientKeyPtr = params->clientCertPath;
}
- if (params->clientCertPath != nullptr) {
+ if (params->clientCertPath != nullptr && params->clientCertPath[0] != '\0') {
if (!SSL_CTX_use_certificate_chain_file(client_ctx, params->clientCertPath)) {
SSLError("failed to load client certificate from %s", params->clientCertPath);
goto fail;
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index f50c72f..d32df4a 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -415,7 +415,7 @@ SSLConfigParams::getNewCTX(cchar *client_cert) const
SSLError("Can't initialize the SSL client, HTTPS in remap rules will not function");
return nullptr;
}
- if (nclient_ctx && client_cert != nullptr) {
+ if (nclient_ctx && client_cert != nullptr && client_cert[0] != '\0') {
if (!SSL_CTX_use_certificate_chain_file(nclient_ctx, (const char *)client_cert)) {
SSLError("failed to load client certificate from %s", this->clientCertPath);
SSLReleaseContext(nclient_ctx);
--
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <co...@trafficserver.apache.org>'].