bneradt opened a new pull request, #13342:
URL: https://github.com/apache/trafficserver/pull/13342

   Default server certificate secret updates could rebuild the TLS
   contexts for CN/SAN lookups while leaving the default/no-SNI context
   pointing at the old SSL_CTX. Operators could update cert material on
   disk and through the secret API, but new handshakes without a more
   specific match could still serve the stale certificate.
   
   This updates runtime context refresh to cover address/default lookup
   entries owned by the same ssl_multicert policy and retains the
   default context while callers create new TLS sessions. This also adds
   an AuTest that updates a plugin-loaded default certificate and
   verifies the next no-SNI handshake sees the new certificate.
   
   Fixes: #9562


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
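
The symptom described in this pull request (a default certificate updated on disk and through the secret API while no-SNI handshakes still serve the old one) can be checked from the client side by comparing the served leaf on both lookup paths with the file on disk. The script below is an added example, not code from the pull request or from Traffic Server. Its function names and verdict labels are hypothetical, and it assumes SNI_NAME is a name covered by the updated default certificate.

```python
import hashlib
import socket
import ssl
import sys

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def pem_fingerprint(pem_text):
    """SHA-256 of the first (leaf) certificate in a PEM file or chain."""
    start = pem_text.index(BEGIN)
    stop = pem_text.index(END, start) + len(END)
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_text[start:stop])).hexdigest()


def served_fingerprint(host, port, sni=None, timeout=5.0):
    """SHA-256 of the served leaf; sni=None omits the SNI extension."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Verification is off on purpose: this records which certificate is
    # served (even self-signed or expired); it does not authenticate the peer.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def classify(expected, with_sni, without_sni):
    """Compare both lookup paths against the certificate now on disk."""
    if without_sni == expected:
        return "fresh" if with_sni == expected else "sni-mismatch"
    # The default (no-SNI) path is not serving the on-disk certificate.
    return "stale-default" if with_sni == expected else "stale-all"


if __name__ == "__main__" and len(sys.argv) == 5:
    # usage: check.py HOST PORT UPDATED_CERT.pem SNI_NAME
    host, port, pem_path, name = sys.argv[1:5]
    with open(pem_path) as fh:
        expected = pem_fingerprint(fh.read())
    verdict = classify(expected,
                       served_fingerprint(host, int(port), sni=name),
                       served_fingerprint(host, int(port)))
    print(verdict)
    sys.exit(0 if verdict == "fresh" else 1)
```

A "stale-default" verdict right after a certificate update matches the behaviour the pull request describes: the name-based lookup serves the new certificate while the no-SNI path still serves the old one.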
