[ https://issues.apache.org/jira/browse/TS-5022?focusedWorklogId=34813&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-34813 ]

ASF GitHub Bot logged work on TS-5022:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 05/Jan/17 18:43
            Start Date: 05/Jan/17 18:43
    Worklog Time Spent: 10m 
      Work Description: Github user shinrich commented on a diff in the pull 
request:

    https://github.com/apache/trafficserver/pull/1226#discussion_r94825933
  
    --- Diff: iocore/net/SSLNetVConnection.cc ---
    @@ -980,7 +980,20 @@ SSLNetVConnection::sslStartHandShake(int event, int 
&err)
     
       case SSL_EVENT_CLIENT:
         if (this->ssl == nullptr) {
    -      this->ssl = make_ssl_connection(ssl_NetProcessor.client_ctx, this);
    +      SSL_CTX *clientCTX = nullptr;
    +      if (this->options.clientCertificate) {
    +        const char *certfile = (const char 
*)this->options.clientCertificate;
    +        if (certfile != nullptr) {
    +          clientCTX = params->getCTX(certfile);
    +          if (clientCTX != nullptr)
    +            Debug("ssl", "context for %s is found at %p", 
this->options.clientCertificate.get(), (void *)clientCTX);
    +          else
    +            Debug("ssl", "failed to find context for %s", 
this->options.clientCertificate.get());
    +        }
    +      } else {
    +        clientCTX = ssl_NetProcessor.client_ctx;
    +      }
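
Review bot: When `params->getCTX(certfile)` returns nullptr, `clientCTX` stays nullptr and the only record is a `Debug("ssl", ...)` line, which is not emitted unless the ssl debug tag is enabled. The visible lines show neither an error return nor a fallback on that path. A client certificate that is configured for an origin but cannot be resolved to a context should be handled explicitly here: log it with `Error()` and fail the handshake, or fall back to `ssl_NetProcessor.client_ctx` if that is the intended behaviour, with a comment that says which. Separately, the inner `if (certfile != nullptr)` appears to repeat the outer test on `this->options.clientCertificate`; if the two are equivalent, drop one and use `.get()` instead of the C-style cast, as the Debug calls already do.
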
    --- End diff --
    
    Should we use the same logic to fetch the default client cert as well?


Issue Time Tracking
-------------------

    Worklog Id:     (was: 34813)
    Time Spent: 3h 40m  (was: 3.5h)

> Multiple Client Certificate to Origin
> -------------------------------------
>
>                 Key: TS-5022
>                 URL: https://issues.apache.org/jira/browse/TS-5022
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Security, SSL, TLS
>            Reporter: Scott Beardsley
>            Assignee: Syeda Persia Aziz
>              Labels: yahoo
>             Fix For: 7.1.0
>
>          Time Spent: 3h 40m
>  Remaining Estimate: 0h
>
> Yahoo has a use case where the origin is doing mutual TLS authentication 
> which requires ATS to send a client certificate. This works fine (for now) 
> because ATS supports configuring *one* client cert but this feature should 
> really allow multiple client certificates to be configured which would depend 
> upon the origin being contacted.


