This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 5be94b6f7e672abf4b52eb9818a15d598e565f12 Author: Randall Meyer <r...@apache.org> AuthorDate: Fri Apr 10 09:58:58 2020 -0700 Fixes crash loading combined(cert+key) certs This crash was introduced by f729c9dc41ff1635132f4bdc6331ce826f3bc2fe (cherry picked from commit 96e1f4613316bda260debe0578cb626b0443f6a8) --- iocore/net/SSLUtils.cc | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index 5d297a3..f204aed 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -1400,7 +1400,9 @@ SSLMultiCertConfigLoader::_store_ssl_ctx(SSLCertLookup *lookup, const shared_SSL std::set<std::string> common_names; std::unordered_map<int, std::set<std::string>> unique_names; SSLMultiCertConfigLoader::CertLoadData data; + const SSLConfigParams *params = this->_params; + this->load_certs_and_cross_reference_names(cert_list, data, params, sslMultCertSettings.get(), common_names, unique_names); int i = 0; @@ -1923,8 +1925,15 @@ SSLMultiCertConfigLoader::load_certs_and_cross_reference_names(std::vector<X509 { SimpleTokenizer cert_tok(sslMultCertSettings && sslMultCertSettings->cert ? (const char *)sslMultCertSettings->cert : "", SSL_CERT_SEPARATE_DELIM); - SimpleTokenizer key_tok((sslMultCertSettings && sslMultCertSettings->key ? (const char *)sslMultCertSettings->key : ""), - SSL_CERT_SEPARATE_DELIM); + + SimpleTokenizer key_tok(SSL_CERT_SEPARATE_DELIM); + if (sslMultCertSettings && sslMultCertSettings->key) { + key_tok.setString((const char *)sslMultCertSettings->key); + } else if (sslMultCertSettings && sslMultCertSettings->cert) { + key_tok.setString((const char *)sslMultCertSettings->cert); + } else { + key_tok.setString(""); + } if (sslMultCertSettings && sslMultCertSettings->key && cert_tok.getNumTokensRemaining() != key_tok.getNumTokensRemaining()) { Error("the number of certificates in ssl_cert_name and ssl_key_name doesn't match");