ajschmidt opened a new pull request #3939: fixed bug in CertificateRegistry URL: https://github.com/apache/trafficcontrol/pull/3939 this bug was preventing updated certificates from loading and replacing older ones <!-- ************ STOP!! ************ If this Pull Request is intended to fix a security vulnerability, DO NOT submit it! Instead, contact the Apache Software Foundation Security Team at [email protected] and follow the guidelines at https://www.apache.org/security/ regarding vulnerability disclosure. --> ## What does this PR (Pull Request) do? This PR modifies the CertificateRegistry in TR so that it will choose the 'newer' of two certificates if it finds more than one SSL certificate for the same FQDN. The newer certificate is determined by examining the expiration dates of the two certificates and choosing the one with the later date. - [ ] This PR fixes #REPLACE_ME OR is not related to any Issue <!-- You can check for an issue here: https://github.com/apache/trafficcontrol/issues --> ## Which Traffic Control components are affected by this PR? - CDN in a Box - Traffic Router ## What is the best way to verify this PR? 1. First start Traffic Router and wait for it to finish initializing. 2. Go into Traffic Portal and add a new certificate for an existing HTTPS delivery service and make sure the expiration date for the new certificate is later that the existing certificate. 3. Wait for 2 minutes. There should be a log message in the TR logs indicating that new certificate has been loaded for the delivery service. 4. Use 'curl' to connect to the delivery service that has the updated certificate and then verify that the new certificate is being used by observing the 'curl' output. The expiration date in the curl output should match the expiration date set on the certificate. ## If this is a bug fix, what versions of Traffic Control are affected? - master (79897553d46a) - 3.0.0 - 3.0.1 (RC1) ## The following criteria are ALL met by this PR - [X] This PR includes tests OR I have explained why tests are unnecessary - [X] This PR includes documentation OR I have explained why documentation is unnecessary - [X] This PR includes an update to CHANGELOG.md OR such an update is not necessary - [X] This PR includes any and all required license headers - [X] This PR ensures that database migration sequence is correct OR this PR does not include a database migration - [X] This PR **DOES NOT FIX A SERIOUS SECURITY VULNERABILITY** (see [the Apache Software Foundation's security guidelines](https://www.apache.org/security/) for details) <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -->
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
