Github user persiaAziz commented on a diff in the pull request:
https://github.com/apache/trafficserver/pull/1226#discussion_r94828732
--- Diff: proxy/http/HttpSM.cc ---
@@ -4059,6 +4061,16 @@ HttpSM::do_remap_request(bool run_inline)
pending_action = remap_action_handle;
}
+ // check if the overridden client cert filename is already attached to
an existing ssl context
+ ats_scoped_str
clientCert(Layout::relative_to(t_state.txn_conf->client_cert_filepath,
t_state.txn_conf->client_cert_filename));
+ auto tCTX = params->getCTX(clientCert);
+
+ if (tCTX == nullptr) {
+ // make new client ctx and add it to the ctx list
+ auto tctx = ssl_NetProcessor.getNewCTX(clientCert);
+ params->InsertCTX(clientCert, tctx);
--- End diff --
Yes it would be cleaner. I reused the SSLInitClientContext logic to create
the new CTX. That is why I kept it here. I will see if I can move the whole
client context thing to SSLconfig
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
