Hi Nenad,

On Fri, Mar 25, 2016 at 11:35:01AM +0100, Nenad Merdanovic wrote:
> diff --git a/src/ssl_sock.c b/src/ssl_sock.c
> index 1017388..767d6e9 100644
> --- a/src/ssl_sock.c
> +++ b/src/ssl_sock.c
> @@ -5406,7 +5406,7 @@ static int bind_parse_tls_ticket_keys(char **args, int 
> cur_arg, struct proxy *px
>       fclose(f);
>  
>       /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
> -     i-=2;
> +     i = (i - 2) % TLS_TICKETS_NO;
>       keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i;
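
Review bot: the comment above `i = (i - 2) % TLS_TICKETS_NO;` still only mentions the TLS_TICKETS_NO = 1 case and does not say why the modulo was added. In C, `%` with a negative left operand gives a zero or negative result, so when i is 0 or 1 the new line still depends on the `i < 0 ? 0 : i` clamp on the following line to stay in range. Suggest either documenting that dependency in the comment or applying the modulo only to non-negative values, so that no negative operand reaches `%`.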

I'm still seeing an issue here which is that i is an integer so
(i - 2) % TLS_TICKETS_NO will be negative for values of i between
0 and 1.

If this is intended, then maybe it would be better to fix it this way
instead so that there's no ambiguity regarding the validity of the
above operation:

-       keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i;
+       keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;

What do you think?

Thanks,
Willy

