[jira] [Work logged] (TS-4679) Allow ssl_multicert line to have no ssl_cert_name specified

Tue, 26 Jul 2016 07:52:53 -0700 

     [ 
https://issues.apache.org/jira/browse/TS-4679?focusedWorklogId=26013&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-26013
 ]

ASF GitHub Bot logged work on TS-4679:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 26/Jul/16 14:51
            Start Date: 26/Jul/16 14:51
    Worklog Time Spent: 10m 
      Work Description: Github user zwoop commented on a diff in the pull 
request:

    https://github.com/apache/trafficserver/pull/810#discussion_r72265027
  
    --- Diff: iocore/net/SSLUtils.cc ---
    @@ -1583,7 +1583,10 @@ SSLInitServerContext(const SSLConfigParams *params, 
const ssl_user_config &sslMu
         SSL_CTX_set_default_passwd_cb_userdata(ctx, &ud);
       }
     
    -  if (sslMultCertSettings.cert) {
    +  if (!sslMultCertSettings.cert && sslMultCertSettings.opt != 
SSLCertContext::OPT_TUNNEL) {
    +    Warning("No ssl_cert_name specified and no tunnel action set");
    +    goto fail;
    +  } else if (sslMultCertSettings.cert) {
    --- End diff --
    
    I think this is "ok", it just reads a little odd. I probably would have 
preferred e.g.
    
        if (!sslMultCertSettings.cert) {
            if (sslMultCertSettings.opt != SSLCertContext::OPT_TUNNEL) {
                Warning( ...)
            }
        } else {
            SimpleTokenizer cert_tok((const ...
    
    I know, a little nitpick, but the fear being that we repeat the conditional 
multiple time, having a risk of inconsistencies.


Issue Time Tracking
-------------------

    Worklog Id:     (was: 26013)
    Time Spent: 50m  (was: 40m)

> Allow ssl_multicert line to have no ssl_cert_name specified
> -----------------------------------------------------------
>
>                 Key: TS-4679
>                 URL: https://issues.apache.org/jira/browse/TS-4679
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: SSL
>            Reporter: Susan Hinrichs
>            Assignee: Susan Hinrichs
>             Fix For: 7.0.0
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> It is reasonable to not specify a ssl_cert_name if the action=tunnel is 
> specified.  As the code currently stands you must enter a dummy ssl_cert_name 
> even in the blind tunnel case because of sanity checks in the ssl_multicert 
> loading code.
> The following should be an allowable entry
> {code}
> dest_ip=10.10.10.10 action=tunnel
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to