[trafficserver] branch master updated: Changes the default for proxy.config.ssl.server.multicert.exit_on_load_fail

Wed, 31 May 2017 12:56:54 -0700 

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

The following commit(s) were added to refs/heads/master by this push:
       new  4704525   Changes the default for 
proxy.config.ssl.server.multicert.exit_on_load_fail
4704525 is described below

commit 4704525a6f9b7ba4cc79b56fd58958dcb83f3225
Author: Leif Hedstrom <[email protected]>
AuthorDate: Thu May 25 10:14:41 2017 -0600

    Changes the default for proxy.config.ssl.server.multicert.exit_on_load_fail
    
    This restores the old (and IMO expected) behavior of how we don't allow
    bad configurations to be reloaded / replaced. We've had a case where
    all certificates were lost for a small period of time, and an unrelated
    config reload happening at the same time caused us to lose all certificates.
---
 iocore/net/SSLConfig.cc | 2 +-
 mgmt/RecordsConfig.cc   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index 093ebe8..343b3d9 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -101,7 +101,7 @@ SSLConfigParams::reset()
   ssl_session_cache_skip_on_contention = 0;
   ssl_session_cache_timeout            = 0;
   ssl_session_cache_auto_clear         = 1;
-  configExitOnLoadError                = 0;
+  configExitOnLoadError                = 1;
 }
 
 void
diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index cf36d02..8ecd3ee 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -1148,7 +1148,7 @@ static const RecordElement RecordsConfig[] =
   ,
   {RECT_CONFIG, "proxy.config.ssl.server.multicert.filename", RECD_STRING, 
"ssl_multicert.config", RECU_RESTART_TS, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
   ,
-  {RECT_CONFIG, "proxy.config.ssl.server.multicert.exit_on_load_fail", 
RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_NULL, "[0-1]", RECA_NULL}
+  {RECT_CONFIG, "proxy.config.ssl.server.multicert.exit_on_load_fail", 
RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_NULL, "[0-1]", RECA_NULL}
   ,
   {RECT_CONFIG, "proxy.config.ssl.server.ticket_key.filename", RECD_STRING, 
nullptr, RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
   ,

-- 
To stop receiving notification emails like this one, please contact
['"[email protected]" <[email protected]>'].

Reply via email to