[ https://issues.apache.org/jira/browse/TS-5022?focusedWorklogId=34814&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-34814 ]
ASF GitHub Bot logged work on TS-5022: -------------------------------------- Author: ASF GitHub Bot Created on: 05/Jan/17 18:46 Start Date: 05/Jan/17 18:46 Worklog Time Spent: 10m Work Description: Github user shinrich commented on a diff in the pull request: https://github.com/apache/trafficserver/pull/1226#discussion_r94826573 --- Diff: proxy/http/HttpSM.cc --- @@ -4059,6 +4061,16 @@ HttpSM::do_remap_request(bool run_inline) pending_action = remap_action_handle; } + // check if the overridden client cert filename is already attached to an existing ssl context + ats_scoped_str clientCert(Layout::relative_to(t_state.txn_conf->client_cert_filepath, t_state.txn_conf->client_cert_filename)); + auto tCTX = params->getCTX(clientCert); + + if (tCTX == nullptr) { + // make new client ctx and add it to the ctx list + auto tctx = ssl_NetProcessor.getNewCTX(clientCert); + params->InsertCTX(clientCert, tctx); --- End diff -- Maybe it would be cleaner to have a version of InsertCTX() that only took the certificate name and did the certificate creation and insert? Issue Time Tracking ------------------- Worklog Id: (was: 34814) Time Spent: 3h 50m (was: 3h 40m) > Multiple Client Certificate to Origin > ------------------------------------- > > Key: TS-5022 > URL: https://issues.apache.org/jira/browse/TS-5022 > Project: Traffic Server > Issue Type: Improvement > Components: Security, SSL, TLS > Reporter: Scott Beardsley > Assignee: Syeda Persia Aziz > Labels: yahoo > Fix For: 7.1.0 > > Time Spent: 3h 50m > Remaining Estimate: 0h > > Yahoo has a use case where the origin is doing mutual TLS authentication > which requires ATS to send a client certificate. This works fine (for now) > because ATS supports configuring *one* client cert but this feature should > really allow multiple client certificates to be configured which would depend > upon the origin being contacted. -- This message was sent by Atlassian JIRA (v6.3.4#6332)