[ 
https://issues.apache.org/jira/browse/TS-5022?focusedWorklogId=34814&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-34814
 ]

ASF GitHub Bot logged work on TS-5022:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 05/Jan/17 18:46
            Start Date: 05/Jan/17 18:46
    Worklog Time Spent: 10m 
      Work Description: Github user shinrich commented on a diff in the pull 
request:

    https://github.com/apache/trafficserver/pull/1226#discussion_r94826573
  
    --- Diff: proxy/http/HttpSM.cc ---
    @@ -4059,6 +4061,16 @@ HttpSM::do_remap_request(bool run_inline)
         pending_action = remap_action_handle;
       }
     
    +  // check if the overridden client cert filename is already attached to 
an existing ssl context
    +  ats_scoped_str 
clientCert(Layout::relative_to(t_state.txn_conf->client_cert_filepath, 
t_state.txn_conf->client_cert_filename));
    +  auto tCTX = params->getCTX(clientCert);
    +
    +  if (tCTX == nullptr) {
    +    // make new client ctx and add it to the ctx list
    +    auto tctx = ssl_NetProcessor.getNewCTX(clientCert);
    +    params->InsertCTX(clientCert, tctx);
    --- End diff --
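
Review bot: at `params->InsertCTX(clientCert, tctx);` the result of `ssl_NetProcessor.getNewCTX(clientCert)` is inserted without a null check in the lines shown. If getNewCTX() can return nullptr when the certificate fails to load, check for that and log the certificate path before inserting, so that a failed load is not stored in the context list. The lookup result `tCTX` and the new context `tctx` differ only in case, which is easy to misread; distinct names would help. Also, `getCTX()` followed by `InsertCTX()` is a separate check and insert: if `params` is shared across transactions, two of them overriding to the same new certificate could both create a context unless the two steps run under one lock, so a single lookup-or-create call on `params` would be safer.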
    
    Maybe it would be cleaner to have a version of InsertCTX() that only took 
the certificate name and did the certificate creation and insert?


Issue Time Tracking
-------------------

    Worklog Id:     (was: 34814)
    Time Spent: 3h 50m  (was: 3h 40m)

> Multiple Client Certificate to Origin
> -------------------------------------
>
>                 Key: TS-5022
>                 URL: https://issues.apache.org/jira/browse/TS-5022
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Security, SSL, TLS
>            Reporter: Scott Beardsley
>            Assignee: Syeda Persia Aziz
>              Labels: yahoo
>             Fix For: 7.1.0
>
>          Time Spent: 3h 50m
>  Remaining Estimate: 0h
>
> Yahoo has a use case where the origin is doing mutual TLS authentication 
> which requires ATS to send a client certificate. This works fine (for now) 
> because ATS supports configuring *one* client cert but this feature should 
> really allow multiple client certificates to be configured which would depend 
> upon the origin being contacted.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)