[trafficserver] 05/06: Fixes crash loading combined(cert+key) certs

Wed, 20 May 2020 09:46:25 -0700 

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 5be94b6f7e672abf4b52eb9818a15d598e565f12
Author: Randall Meyer <r...@apache.org>
AuthorDate: Fri Apr 10 09:58:58 2020 -0700

    Fixes crash loading combined(cert+key) certs
    
    This crash was introduced by f729c9dc41ff1635132f4bdc6331ce826f3bc2fe
    
    (cherry picked from commit 96e1f4613316bda260debe0578cb626b0443f6a8)
---
 iocore/net/SSLUtils.cc | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 5d297a3..f204aed 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1400,7 +1400,9 @@ SSLMultiCertConfigLoader::_store_ssl_ctx(SSLCertLookup 
*lookup, const shared_SSL
   std::set<std::string> common_names;
   std::unordered_map<int, std::set<std::string>> unique_names;
   SSLMultiCertConfigLoader::CertLoadData data;
+
   const SSLConfigParams *params = this->_params;
+
   this->load_certs_and_cross_reference_names(cert_list, data, params, 
sslMultCertSettings.get(), common_names, unique_names);
 
   int i = 0;
@@ -1923,8 +1925,15 @@ 
SSLMultiCertConfigLoader::load_certs_and_cross_reference_names(std::vector<X509
 {
   SimpleTokenizer cert_tok(sslMultCertSettings && sslMultCertSettings->cert ? 
(const char *)sslMultCertSettings->cert : "",
                            SSL_CERT_SEPARATE_DELIM);
-  SimpleTokenizer key_tok((sslMultCertSettings && sslMultCertSettings->key ? 
(const char *)sslMultCertSettings->key : ""),
-                          SSL_CERT_SEPARATE_DELIM);
+
+  SimpleTokenizer key_tok(SSL_CERT_SEPARATE_DELIM);
+  if (sslMultCertSettings && sslMultCertSettings->key) {
+    key_tok.setString((const char *)sslMultCertSettings->key);
+  } else if (sslMultCertSettings && sslMultCertSettings->cert) {
+    key_tok.setString((const char *)sslMultCertSettings->cert);
+  } else {
+    key_tok.setString("");
+  }
 
   if (sslMultCertSettings && sslMultCertSettings->key && 
cert_tok.getNumTokensRemaining() != key_tok.getNumTokensRemaining()) {
     Error("the number of certificates in ssl_cert_name and ssl_key_name 
doesn't match");

Reply via email to