[
https://issues.apache.org/jira/browse/TS-5022?focusedWorklogId=34661&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-34661
]
ASF GitHub Bot logged work on TS-5022:
--------------------------------------
Author: ASF GitHub Bot
Created on: 04/Jan/17 15:42
Start Date: 04/Jan/17 15:42
Worklog Time Spent: 10m
Work Description: Github user shinrich commented on a diff in the pull
request:
https://github.com/apache/trafficserver/pull/1226#discussion_r94605355
--- Diff: iocore/net/P_SSLNetProcessor.h ---
@@ -63,6 +64,90 @@ struct SSLNetProcessor : public UnixNetProcessor {
return client_ctx;
}
+ // InsertCTX hashes on the absolute path to the client certificate file
and stores in the map
+ bool
+ InsertCTX(cchar *client_cert, SSL_CTX *cctx)
+ {
+ ink_mutex_acquire(&ctxMapLock);
+ if (client_cert == nullptr) {
+ ctx_map.put(nullptr, cctx);
+ return true;
--- End diff --
Are you leaking the lock here too?
Issue Time Tracking
-------------------
Worklog Id: (was: 34661)
Time Spent: 2h 10m (was: 2h)
> Multiple Client Certificate to Origin
> -------------------------------------
>
> Key: TS-5022
> URL: https://issues.apache.org/jira/browse/TS-5022
> Project: Traffic Server
> Issue Type: Improvement
> Components: Security, SSL, TLS
> Reporter: Scott Beardsley
> Assignee: Syeda Persia Aziz
> Labels: yahoo
> Fix For: 7.1.0
>
> Time Spent: 2h 10m
> Remaining Estimate: 0h
>
> Yahoo has a use case where the origin is doing mutual TLS authentication
> which requires ATS to send a client certificate. This works fine (for now)
> because ATS supports configuring *one* client cert but this feature should
> really allow multiple client certificates to be configured which would depend
> upon the origin being contacted.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
