This is an automated email from the ASF dual-hosted git repository. sudheerv pushed a commit to branch svinukon_elevate_privs in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 6a2db443fca9a4d04f52c450f51c8b1e50aaac2a Author: Sudheer Vinukonda <[email protected]> AuthorDate: Mon Jun 10 15:02:11 2019 -0700 Elevate privileges when loading SSL Session Ticket key file --- iocore/net/SSLConfig.cc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc index 0183800..36bd751 100644 --- a/iocore/net/SSLConfig.cc +++ b/iocore/net/SSLConfig.cc @@ -574,6 +574,11 @@ SSLTicketParams::LoadTicket(bool &nochange) no_default_keyblock = ticket_params->default_global_keyblock == nullptr; } + // elevate/allow file access to root read only files/certs + uint32_t elevate_setting = 0; + REC_ReadConfigInteger(elevate_setting, "proxy.config.ssl.cert.load_elevated"); + ElevateAccess elevate_access(elevate_setting ? ElevateAccess::FILE_PRIVILEGE : 0); // destructor will demote for us + if (REC_ReadConfigStringAlloc(ticket_key_filename, "proxy.config.ssl.server.ticket_key.filename") == REC_ERR_OKAY && ticket_key_filename != nullptr) { ats_scoped_str ticket_key_path(Layout::relative_to(params->serverCertPathOnly, ticket_key_filename));
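Review bot: The `ElevateAccess elevate_access(...)` guard is declared at function scope in `SSLTicketParams::LoadTicket`, so the file privilege is held from this line until the function returns rather than only while the ticket key file is read. The rest of the body lies outside the hunk, so how much code runs elevated cannot be confirmed from here. The least-privilege placement is inside the `if (... ticket_key_filename != nullptr) {` branch, in a nested scope that wraps only the read of `ticket_key_path`. Because that path is built from `proxy.config.ssl.server.ticket_key.filename`, keeping the elevated window to that single read limits what a bad configuration value can reach. The comment should also record that a setting named for certificates now governs the ticket key file, e.g. `// reuses proxy.config.ssl.cert.load_elevated: the ticket key file is read with the same elevated file access as certs`.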
