[
https://issues.apache.org/jira/browse/TS-3742?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14616525#comment-14616525
]
ASF GitHub Bot commented on TS-3742:
------------------------------------
Github user shinrich commented on a diff in the pull request:
https://github.com/apache/trafficserver/pull/241#discussion_r34028929
--- Diff: iocore/net/SSLUtils.cc ---
@@ -308,8 +308,10 @@ set_context_cert(SSL *ssl)
if (ctx != NULL) {
SSL_set_SSL_CTX(ssl, ctx);
#if HAVE_OPENSSL_SESSION_TICKETS
- // Reset the ticket callback if needed
- SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_callback_session_ticket);
+ if (SSL_CTX_get_options(ctx) & SSL_OP_NO_TICKET) {
--- End diff --
That does seem backwards, doesn't it. Will track it down.
> ATS advertises TLS ticket extension even when disabled
> ------------------------------------------------------
>
> Key: TS-3742
> URL: https://issues.apache.org/jira/browse/TS-3742
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Reporter: Susan Hinrichs
> Assignee: Susan Hinrichs
>
> Noted by [~hreindl]. Even if you have ssl_ticket_enabled=0 on the relevant
> line in ssl_multicert.config, the Server Hello message will still contain the
> ticket tls extension.
> The problem is the code is blindly resetting the ticket callback on the
> context.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
