This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 7.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/7.1.x by this push:
 new b650c85 Ticket file reload shouldn't kill traffic_server process
b650c85 is described below
commit b650c85f1539d534d129ca08bd2cfd6459a10628
Author: Vijay Mamidi <vijayabhaskar_mam...@yahoo.com>
AuthorDate: Tue Aug 29 17:13:17 2017 -0700
 Ticket file reload shouldn't kill traffic_server process
 (cherry picked from commit 3f48a263b88197fca556165e91834450b0df56b7)
---
 iocore/net/P_SSLConfig.h | 2 +-
 iocore/net/SSLConfig.cc | 27 ++++++++++++++++++---------
 2 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/iocore/net/P_SSLConfig.h b/iocore/net/P_SSLConfig.h
index 7728a41..f15df36 100644
--- a/iocore/net/P_SSLConfig.h
+++ b/iocore/net/P_SSLConfig.h
@@ -162,7 +162,7 @@ private:
 struct SSLTicketParams : public ConfigInfo {
 ssl_ticket_key_block *default_global_keyblock;
 char *ticket_key_filename;
- void LoadTicket();
+ bool LoadTicket();
 void cleanup();
 ~SSLTicketParams() { cleanup(); }
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index a94100b..1ffc54d 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -515,27 +515,31 @@ SSLCertificateConfig::release(SSLCertLookup *lookup)
 configProcessor.release(configid, lookup);
 }
-void
+bool
 SSLTicketParams::LoadTicket()
 {
 cleanup();
 #if HAVE_OPENSSL_SESSION_TICKETS
+ ssl_ticket_key_block *keyblock = nullptr;
 SSLConfig::scoped_config params;
 if (REC_ReadConfigStringAlloc(ticket_key_filename, "proxy.config.ssl.server.ticket_key.filename") == REC_ERR_OKAY && ticket_key_filename != nullptr) {
 ats_scoped_str ticket_key_path(Layout::relative_to(params->serverCertPathOnly, ticket_key_filename));
- default_global_keyblock = ssl_create_ticket_keyblock(ticket_key_path);
+ keyblock = ssl_create_ticket_keyblock(ticket_key_path);
 } else {
- default_global_keyblock = ssl_create_ticket_keyblock(nullptr);
+ keyblock = ssl_create_ticket_keyblock(nullptr);
 }
- if (!default_global_keyblock) {
- Fatal("Could not load Ticket Key from %s", ticket_key_filename);
- return;
+ if (!keyblock) {
+ Error("ticket key reloaded from %s", ticket_key_filename);
+ return false;
 }
+ default_global_keyblock = keyblock;
+ Debug("ssl", "ticket key reloaded from %s", ticket_key_filename);
+ return true;
 #endif
 }
@@ -546,7 +550,10 @@ SSLTicketKeyConfig::startup()
 auto sslTicketKey = new ConfigUpdateHandler<SSLTicketKeyConfig>();
 sslTicketKey->attach("proxy.config.ssl.server.ticket_key.filename");
- reconfigure();
+ SSLConfig::scoped_config params;
+ if (!reconfigure() && params->configExitOnLoadError) {
+ Fatal("Failed to load SSL ticket key file");
+ }
 }
 bool
@@ -554,8 +561,10 @@ SSLTicketKeyConfig::reconfigure()
 {
 SSLTicketParams *ticketKey = new SSLTicketParams();
- if (ticketKey)
- ticketKey->LoadTicket();
+ if (ticketKey) {
+ if (!ticketKey->LoadTicket())
+ return false;
+ }
 configid = configProcessor.set(configid, ticketKey);
 return true;
--
To stop receiving notification emails like this one, please contact ['"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>'].
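Review bot: `SSLTicketParams::LoadTicket()` now returns `bool`, but both `return` statements sit inside `#if HAVE_OPENSSL_SESSION_TICKETS`, so a build without session tickets flows off the end of a non-void function, which is undefined behaviour. The value `reconfigure()` tests is then arbitrary and, at startup, can reach `Fatal`. Moving the final `return true;` below `#endif` fixes this in one line. Separately, the failure branch logs `Error("ticket key reloaded from %s", ...)`, which reads as success to anyone watching the log for ticket-key rotation. That branch can also be reached with `ticket_key_filename == nullptr` through the `else` arm, so I would write `Error("Could not load ticket key from %s", ticket_key_filename ? ticket_key_filename : "(none)")` and guard the `Debug` argument the same way.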
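Review bot: When `reconfigure()` fails and `configExitOnLoadError` is off, `SSLTicketKeyConfig::startup()` returns with `configid` never set, so the server comes up with no `SSLTicketParams` published. Whether the code that later acquires this config tolerates a missing object is not visible in this hunk, so that path deserves a check. At minimum, document the intended fallback with a comment such as `// Load failed and exit-on-error is off: no ticket params are published until a later reload succeeds`. The `scoped_config` is only needed on the failure path, so it could be declared inside an `if (!reconfigure()) { ... }` block. The start of `startup()` lies outside the hunk.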
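Review bot: The new early `return false;` in `SSLTicketKeyConfig::reconfigure()` leaks the `SSLTicketParams` allocated two lines above. The object is only handed to `configProcessor.set()` on the success path, so each failed reload of the ticket key file appears to leak one instance. Free it before returning: `if (!ticketKey->LoadTicket()) { delete ticketKey; return false; }` (the header hunk shows a public destructor that calls `cleanup()`). The surrounding `if (ticketKey)` is dead code, because a plain `new` throws rather than returning null. A short comment that a failed reload leaves the previously published key block in place would also help, since operators would otherwise assume the rotation took effect. The function's closing brace is outside the hunk.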