[
https://issues.apache.org/jira/browse/TS-3216?focusedWorklogId=28602&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-28602
]
ASF GitHub Bot logged work on TS-3216:
--------------------------------------
Author: ASF GitHub Bot
Created on: 09/Sep/16 15:44
Start Date: 09/Sep/16 15:44
Worklog Time Spent: 10m
Work Description: Github user jpeach commented on a diff in the pull
request:
https://github.com/apache/trafficserver/pull/990#discussion_r78202428
--- Diff: iocore/net/SSLUtils.cc ---
@@ -1866,10 +1934,17 @@ ssl_store_ssl_context(const SSLConfigParams
*params, SSLCertLookup *lookup, cons
keyblock = ssl_context_enable_tickets(ctx, NULL);
}
+ // Generate HPKP header if hpkp is enabled.
+ if (sslMultCertSettings.hpkp_enabled >= 0 ?
sslMultCertSettings.hpkp_enabled : params->hpkp_enabled) {
--- End diff --
So it is not possible to enable HPKP globally then disable it on specific
certificates? I think the expected behavior is for the certificate settings to
always have precedence (if they are specified). See
[TS-2773](https://issues.apache.org/jira/browse/TS-2773) for
Issue Time Tracking
-------------------
Worklog Id: (was: 28602)
Time Spent: 1.5h (was: 1h 20m)
> Add HPKP (Public Key Pinning Extension for HTTP) support
> --------------------------------------------------------
>
> Key: TS-3216
> URL: https://issues.apache.org/jira/browse/TS-3216
> Project: Traffic Server
> Issue Type: New Feature
> Components: SSL
> Reporter: Masaori Koshiba
> Assignee: Masaori Koshiba
> Labels: review
> Fix For: 7.0.0
>
> Attachments: hpkp-001.patch, hpkp-002.patch, hpkp-003.patch
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> Add "Public Key Pinning Extension for HTTP" Support in Traffic Server.
> RFC 7469 Public Key Pinning Extension for HTTP
> - https://tools.ietf.org/html/rfc7469
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
