Github user shinrich commented on a diff in the pull request:
https://github.com/apache/trafficserver/pull/1226#discussion_r94826573
--- Diff: proxy/http/HttpSM.cc ---
@@ -4059,6 +4061,16 @@ HttpSM::do_remap_request(bool run_inline)
pending_action = remap_action_handle;
}
+ // check if the overridden client cert filename is already attached to
an existing ssl context
+ ats_scoped_str
clientCert(Layout::relative_to(t_state.txn_conf->client_cert_filepath,
t_state.txn_conf->client_cert_filename));
+ auto tCTX = params->getCTX(clientCert);
+
+ if (tCTX == nullptr) {
+ // make new client ctx and add it to the ctx list
+ auto tctx = ssl_NetProcessor.getNewCTX(clientCert);
+ params->InsertCTX(clientCert, tctx);
--- End diff --
Maybe it would be cleaner to have a version of InsertCTX() that only took
the certificate name and did the certificate creation and insert?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
