git commit: TS-1198: ssl crash when certificates are missing

Tue, 10 Apr 2012 21:18:04 -0700 

Updated Branches:
  refs/heads/master 1df0305b7 -> 8586b8ec6


TS-1198: ssl crash when certificates are missing


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/8586b8ec
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/8586b8ec
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/8586b8ec

Branch: refs/heads/master
Commit: 8586b8ec6d6e934233fc195a4f35944cea1d85a4
Parents: 1df0305
Author: James Peach <[email protected]>
Authored: Tue Apr 10 21:17:02 2012 -0700
Committer: James Peach <[email protected]>
Committed: Tue Apr 10 21:17:32 2012 -0700

----------------------------------------------------------------------
 CHANGES                     |    4 +++-
 iocore/net/SSLCertLookup.cc |    7 +++++++
 2 files changed, 10 insertions(+), 1 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/8586b8ec/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 08f7447..cf972d2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,7 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache Traffic Server 3.1.4
+  *) [TS-1198] ssl crash when certificates are missing
+
   *) [TS-1164] a race condition in cache init
 
   *) [TS-1079] Add an API function to turn debugging on for specific
@@ -8,7 +10,7 @@ Changes with Apache Traffic Server 3.1.4
 
   *) [TS-1194 Change conversions to build with gcc-4.6 on OmniOS/Solaris.
    Also cleanup a couple of plugins to use our "core" build environment.
-       
+
   *) [TS-1192] Remove gethostbyname usage in test code
 
   *) [TS-1147] deprecate records.config SSL configuration

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/8586b8ec/iocore/net/SSLCertLookup.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLCertLookup.cc b/iocore/net/SSLCertLookup.cc
index 82baf3c..aef62c9 100644
--- a/iocore/net/SSLCertLookup.cc
+++ b/iocore/net/SSLCertLookup.cc
@@ -113,6 +113,13 @@ SSLCertLookup::init(SslConfigParams * p)
 {
   param = p;
   multipleCerts = buildTable();
+
+  // If there wasn't a default SSL context, make a default one. We need this 
to bootstrap
+  // the SNI process and also to avoid crashing (which is generaly frowned 
upon).
+  if (!this->ssl_default) {
+    // XXX this leaks, but we're a singleton, so ....
+    this->ssl_default = SSL_CTX_new(SSLv23_server_method());
+  }
 }
 
 bool

Reply via email to