This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 31d49587d48e113dc1c378d3510ee76cbd19911e
Author: Susan Hinrichs <shinr...@yahoo-inc.com>
AuthorDate: Wed May 13 10:03:47 2020 -0500
Do not fail multicert load if line does not create entry (#6760)
Co-authored-by: Susan Hinrichs <shinr...@verizonmedia.com>
(cherry picked from commit 0265ac7f8a9f0c4773fc6f7d00f6f212bdc08558)
---
iocore/net/QUICMultiCertConfigLoader.cc | 12 ++++++++----
iocore/net/SSLUtils.cc | 12 ++++++++----
2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/iocore/net/QUICMultiCertConfigLoader.cc
b/iocore/net/QUICMultiCertConfigLoader.cc
index 288c0f0..cf9c74f 100644
--- a/iocore/net/QUICMultiCertConfigLoader.cc
+++ b/iocore/net/QUICMultiCertConfigLoader.cc
@@ -190,8 +190,13 @@ QUICMultiCertConfigLoader::_store_ssl_ctx(SSLCertLookup
*lookup, const shared_SS
shared_ssl_ticket_key_block keyblock = nullptr;
if (!ctx || !multi_cert_params || !this->_store_single_ssl_ctx(lookup,
multi_cert_params, ctx, common_names)) {
- lookup->is_valid = false;
- retval = false;
+ retval = false;
+ std::string names;
+ for (auto name : data.cert_names_list) {
+ names.append(name);
+ names.append(" ");
+ }
+ Warning("QUIC: Failed to insert SSL_CTX for certificate %s entries for
names already made", names.c_str());
}
for (auto iter = unique_names.begin(); retval && iter != unique_names.end();
++iter) {
@@ -205,8 +210,7 @@ QUICMultiCertConfigLoader::_store_ssl_ctx(SSLCertLookup
*lookup, const shared_SS
shared_SSL_CTX unique_ctx(this->init_server_ssl_ctx(single_data,
multi_cert_params.get(), iter->second), SSL_CTX_free);
if (!unique_ctx || !this->_store_single_ssl_ctx(lookup, multi_cert_params,
unique_ctx, iter->second)) {
- lookup->is_valid = false;
- retval = false;
+ retval = false;
}
}
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index ffc6e8a..5d297a3 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1418,8 +1418,13 @@ SSLMultiCertConfigLoader::_store_ssl_ctx(SSLCertLookup
*lookup, const shared_SSL
shared_SSL_CTX ctx(this->init_server_ssl_ctx(data,
sslMultCertSettings.get(), common_names), SSL_CTX_free);
if (!ctx || !sslMultCertSettings || !this->_store_single_ssl_ctx(lookup,
sslMultCertSettings, ctx, common_names)) {
- lookup->is_valid = false;
- retval = false;
+ retval = false;
+ std::string names;
+ for (auto name : data.cert_names_list) {
+ names.append(name);
+ names.append(" ");
+ }
+ Warning("Failed to insert SSL_CTX for certificate %s entries for names
already made", names.c_str());
}
for (auto iter = unique_names.begin(); retval && iter != unique_names.end();
++iter) {
@@ -1433,8 +1438,7 @@ SSLMultiCertConfigLoader::_store_ssl_ctx(SSLCertLookup
*lookup, const shared_SSL
shared_SSL_CTX unique_ctx(this->init_server_ssl_ctx(single_data,
sslMultCertSettings.get(), iter->second), SSL_CTX_free);
if (!unique_ctx || !this->_store_single_ssl_ctx(lookup,
sslMultCertSettings, unique_ctx, iter->second)) {
- lookup->is_valid = false;
- retval = false;
+ retval = false;
}
}
