For the "*" address, only set the default context on the first certificate.
This matches the behavior of actual scoped certificates (with an IP address). This closes #165. Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/105a0c61 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/105a0c61 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/105a0c61 Branch: refs/heads/master Commit: 105a0c610bbd2a57f9466e08b9c1ed2d2fdb11e4 Parents: a0a40c3 Author: Thomas Jackson <[email protected]> Authored: Wed Jan 28 14:13:16 2015 -0800 Committer: James Peach <[email protected]> Committed: Wed Jan 28 14:51:01 2015 -0800 ---------------------------------------------------------------------- ci/new_tsqa/tests/test_https.py | 4 +++- iocore/net/SSLUtils.cc | 5 +++-- 2 files changed, 6 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/105a0c61/ci/new_tsqa/tests/test_https.py ---------------------------------------------------------------------- diff --git a/ci/new_tsqa/tests/test_https.py b/ci/new_tsqa/tests/test_https.py index be014c6..2b38614 100644 --- a/ci/new_tsqa/tests/test_https.py +++ b/ci/new_tsqa/tests/test_https.py @@ -26,13 +26,15 @@ class TestSSL(helpers.EnvironmentCase): @classmethod def setUpEnv(cls, env): ''' - This funciton is responsible for setting up the environment for this fixture + This function is responsible for setting up the environment for this fixture This includes everything pre-daemon start ''' # add an SSL port to ATS cls.ssl_port = tsqa.utils.bind_unused_port()[1] cls.configs['records.config']['CONFIG']['proxy.config.http.server_ports'] += ' {0}:ssl'.format(cls.ssl_port) + cls.configs['records.config']['CONFIG']['proxy.config.diags.debug.enabled'] = 1 + cls.configs['records.config']['CONFIG']['proxy.config.diags.debug.tags'] = 'ssl' # configure SSL multicert cls.configs['ssl_multicert.config'].add_line('dest_ip=127.0.0.2 ssl_cert_name={0}'.format(helpers.tests_file_path('rsa_keys/www.example.com.pem'))) http://git-wip-us.apache.org/repos/asf/trafficserver/blob/105a0c61/iocore/net/SSLUtils.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index 7c52234..9d704d5 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -1673,8 +1673,9 @@ ssl_store_ssl_context( // Index this certificate by the specified IP(v6) address. If the address is "*", make it the default context. if (sslMultCertSettings.addr) { if (strcmp(sslMultCertSettings.addr, "*") == 0) { - lookup->ssl_default = ctx; - lookup->insert(sslMultCertSettings.addr, SSLCertContext(ctx, sslMultCertSettings.opt)); + if (lookup->insert(sslMultCertSettings.addr, SSLCertContext(ctx, sslMultCertSettings.opt)) >= 0) { + lookup->ssl_default = ctx; + } } else { IpEndpoint ep;
