You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@trafficserver.apache.org by sh...@apache.org on 2017/12/15 17:27:24 UTC

[trafficserver] branch master updated: Do not try to load empty client_cert path.

This is an automated email from the ASF dual-hosted git repository.

shinrich pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new bc37329  Do not try to load empty client_cert path.
bc37329 is described below

commit bc373294952bb5fd88a8f18fd3c8b5e977892a24
Author: Susan Hinrichs <sh...@apache.org>
AuthorDate: Fri Dec 15 15:42:38 2017 +0000

    Do not try to load empty client_cert path.
---
 iocore/net/SSLClientUtils.cc | 2 +-
 iocore/net/SSLConfig.cc      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/iocore/net/SSLClientUtils.cc b/iocore/net/SSLClientUtils.cc
index 2356a06..40dbfda 100644
--- a/iocore/net/SSLClientUtils.cc
+++ b/iocore/net/SSLClientUtils.cc
@@ -148,7 +148,7 @@ SSLInitClientContext(const SSLConfigParams *params)
     clientKeyPtr = params->clientCertPath;
   }
 
-  if (params->clientCertPath != nullptr) {
+  if (params->clientCertPath != nullptr && params->clientCertPath[0] != '\0') {
     if (!SSL_CTX_use_certificate_chain_file(client_ctx, params->clientCertPath)) {
       SSLError("failed to load client certificate from %s", params->clientCertPath);
       goto fail;
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index f50c72f..d32df4a 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -415,7 +415,7 @@ SSLConfigParams::getNewCTX(cchar *client_cert) const
     SSLError("Can't initialize the SSL client, HTTPS in remap rules will not function");
     return nullptr;
   }
-  if (nclient_ctx && client_cert != nullptr) {
+  if (nclient_ctx && client_cert != nullptr && client_cert[0] != '\0') {
     if (!SSL_CTX_use_certificate_chain_file(nclient_ctx, (const char *)client_cert)) {
       SSLError("failed to load client certificate from %s", this->clientCertPath);
       SSLReleaseContext(nclient_ctx);

-- 
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <co...@trafficserver.apache.org>'].