[jira] [Commented] (TS-2967) failed assert if ssl_multicert.config doesn't exist

Wed, 30 Jul 2014 10:21:13 -0700 

    [ 
https://issues.apache.org/jira/browse/TS-2967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14079566#comment-14079566
 ] 

Jack Bates commented on TS-2967:
--------------------------------

I'm happy to axe those asserts
(you know this stuff far better than I do)
but I worry you might want them if you accidentally call 
{{ConfigProcessor::get()}} with an invalid index? (Say from another place where 
{{ConfigProcessor::get()}} is used.)

What about checking if {{configid}} is initialized in 
{{SSLCertificateConfig::acquire()}} and {{SSLCertificateConfig::release()}}?

{code}
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -339,12 +339,16 @@ SSLCertificateConfig::reconfigure()
 SSLCertLookup *
 SSLCertificateConfig::acquire()
 {
-  return (SSLCertLookup *)configProcessor.get(configid);
+  if (configid != 0) {
+    return (SSLCertLookup *)configProcessor.get(configid);
+  }
 }
 
 void
 SSLCertificateConfig::release(SSLCertLookup * lookup)
 {
-  configProcessor.release(configid, lookup);
+  if (configid != 0) {
+    configProcessor.release(configid, lookup);
+  }
 }
 
{code}

> failed assert if ssl_multicert.config doesn't exist
> ---------------------------------------------------
>
>                 Key: TS-2967
>                 URL: https://issues.apache.org/jira/browse/TS-2967
>             Project: Traffic Server
>          Issue Type: Bug
>            Reporter: Jack Bates
>
> If an ssl_multicert.config file doesn't exist then 
> SSLParseCertificateConfiguration() returns false (SSLUtils.cc line 1435)
> and SSLCertificateConfig::reconfigure() doesn't initialize configid 
> (SSLConfig.cc line 333)
> Then when SSLRecRawStatSyncCount() calls SSLCertificateConfig::acquire() 
> (SSLUtils.cc line 502)
> it calls ConfigProcessor::get() with configid zero (SSLConfig.cc line 342)
> and there's an ink_assert(id != 0) (ProxyConfig.cc line 175)
> One way to avoid the failed assert is if SSLCertificateConfig::acquire() and 
> SSLCertificateConfig::release() only call ConfigProcessor::get/release() if 
> (configid !=0)
> Another way might be if SSLCertificateConfig::reconfigure() initialized 
> configid with configProcessor.set(configid, NULL) if 
> SSLParseCertificateConfiguration() returns false?
> Or SSLParseCertificateConfiguration() could treat a nonexistent 
> ssl_multicert.config the same as it treats a blank file? ({{touch 
> ssl_multicert.config}} makes the failed assert go away.)
> Or maybe there's another better way to avoid the failed assert?



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to