GitHub user shinrich commented on the issue:
https://github.com/apache/trafficserver/pull/990
After a quick look this looks fine.
I'm not thrilled with storing the SSLCertContext in the SSLNetVConnection.
I understand that you are doing this to get the specified settings for HPKP for
that connection. But you also have two copies of the SSL_CTX (one in the
SSLCertContext and the one used by openssl which is attainable from the ssl
object). If there is a plugin that replaces the certificate in the certificate
callback, these two values will be inconsistent. But I guess that isn't such a
big deal. The alternative would be to add 3 or 4 bools directly to the
SSLNetVConnection object and copy over the HPKP values directly. That is
probably even worse.