This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 8.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/8.0.x by this push: new 57231ca Calls SSL child config callback after cert is loaded for both key parts 57231ca is described below commit 57231cad6717e40f5155ded40b99248ea0cc239b Author: Randall Meyer <randallme...@yahoo.com> AuthorDate: Tue Jan 8 12:48:13 2019 -0800 Calls SSL child config callback after cert is loaded for both key parts This plays nicer with filesystems who's mtime can change on file read (cherry picked from commit 9c49e84dbbd34e6d24fd4a522699d10dc5e88fab) --- iocore/net/SSLUtils.cc | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index 6c4643a..67aea04 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -1700,10 +1700,7 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config *sslMu X509_free(cert); goto fail; } - certList.push_back(cert); - if (SSLConfigParams::load_ssl_file_cb) { - SSLConfigParams::load_ssl_file_cb(completeServerCertPath.c_str(), CONFIG_FLAG_UNVERSIONED); - } + // Load up any additional chain certificates SSL_CTX_add_extra_chain_cert_bio(ctx, bio); @@ -1712,6 +1709,11 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config *sslMu goto fail; } + certList.push_back(cert); + if (SSLConfigParams::load_ssl_file_cb) { + SSLConfigParams::load_ssl_file_cb(completeServerCertPath.c_str(), CONFIG_FLAG_UNVERSIONED); + } + // Must load all the intermediate certificates before starting the next chain // First, load any CA chains from the global chain file. This should probably