This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/7.1.x by this push:
     new b650c85  Ticket file reload shouldn't kill traffic_server process
b650c85 is described below

commit b650c85f1539d534d129ca08bd2cfd6459a10628
Author: Vijay Mamidi <vijayabhaskar_mam...@yahoo.com>
AuthorDate: Tue Aug 29 17:13:17 2017 -0700

    Ticket file reload shouldn't kill traffic_server process
    
    (cherry picked from commit 3f48a263b88197fca556165e91834450b0df56b7)
---
 iocore/net/P_SSLConfig.h |  2 +-
 iocore/net/SSLConfig.cc  | 27 ++++++++++++++++++---------
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/iocore/net/P_SSLConfig.h b/iocore/net/P_SSLConfig.h
index 7728a41..f15df36 100644
--- a/iocore/net/P_SSLConfig.h
+++ b/iocore/net/P_SSLConfig.h
@@ -162,7 +162,7 @@ private:
 struct SSLTicketParams : public ConfigInfo {
   ssl_ticket_key_block *default_global_keyblock;
   char *ticket_key_filename;
-  void LoadTicket();
+  bool LoadTicket();
   void cleanup();
 
   ~SSLTicketParams() { cleanup(); }
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index a94100b..1ffc54d 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -515,27 +515,31 @@ SSLCertificateConfig::release(SSLCertLookup *lookup)
   configProcessor.release(configid, lookup);
 }
 
-void
+bool
 SSLTicketParams::LoadTicket()
 {
   cleanup();
 
 #if HAVE_OPENSSL_SESSION_TICKETS
+  ssl_ticket_key_block *keyblock = nullptr;
 
   SSLConfig::scoped_config params;
 
   if (REC_ReadConfigStringAlloc(ticket_key_filename, 
"proxy.config.ssl.server.ticket_key.filename") == REC_ERR_OKAY &&
       ticket_key_filename != nullptr) {
     ats_scoped_str 
ticket_key_path(Layout::relative_to(params->serverCertPathOnly, 
ticket_key_filename));
-    default_global_keyblock = ssl_create_ticket_keyblock(ticket_key_path);
+    keyblock = ssl_create_ticket_keyblock(ticket_key_path);
   } else {
-    default_global_keyblock = ssl_create_ticket_keyblock(nullptr);
+    keyblock = ssl_create_ticket_keyblock(nullptr);
   }
-  if (!default_global_keyblock) {
-    Fatal("Could not load Ticket Key from %s", ticket_key_filename);
-    return;
+  if (!keyblock) {
+    Error("ticket key reloaded from %s", ticket_key_filename);
+    return false;
   }
+  default_global_keyblock = keyblock;
+
   Debug("ssl", "ticket key reloaded from %s", ticket_key_filename);
+  return true;
 
 #endif
 }
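Review bot: The failure branch logs `Error("ticket key reloaded from %s", ticket_key_filename);`, which reads as success, so an operator rotating ticket keys would not see from the log that the old key is still in use. Something like `Error("Could not load ticket key from %s", ticket_key_filename ? ticket_key_filename : "(none)");` states the outcome and also avoids passing a null pointer to `%s`, which can happen on the `else` path where `ticket_key_filename` may be `nullptr`. The same null concern applies to the `Debug` line. Separately, the function now returns `bool`, but both `return` statements sit inside `#if HAVE_OPENSSL_SESSION_TICKETS`, so a build without session tickets falls off the end of a non-void function. Moving `return true;` below `#endif` fixes that.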
@@ -546,7 +550,10 @@ SSLTicketKeyConfig::startup()
   auto sslTicketKey = new ConfigUpdateHandler<SSLTicketKeyConfig>();
 
   sslTicketKey->attach("proxy.config.ssl.server.ticket_key.filename");
-  reconfigure();
+  SSLConfig::scoped_config params;
+  if (!reconfigure() && params->configExitOnLoadError) {
+    Fatal("Failed to load SSL ticket key file");
+  }
 }
 
 bool
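Review bot: When `reconfigure()` fails here and `configExitOnLoadError` is off, startup continues without `configProcessor.set` ever having been called for the ticket key config, so no `SSLTicketParams` is registered. Whether the code that acquires this config tolerates that is not visible in this diff and should be confirmed. If it does not, the non-fatal path needs a fallback or a null check at the consumer. The `Fatal` text could also name the configured file, e.g. `Fatal("Failed to load SSL ticket key file; see proxy.config.ssl.server.ticket_key.filename");`.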
@@ -554,8 +561,10 @@ SSLTicketKeyConfig::reconfigure()
 {
   SSLTicketParams *ticketKey = new SSLTicketParams();
 
-  if (ticketKey)
-    ticketKey->LoadTicket();
+  if (ticketKey) {
+    if (!ticketKey->LoadTicket())
+      return false;
+  }
 
   configid = configProcessor.set(configid, ticketKey);
   return true;
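Review bot: The new early `return false;` leaks the `SSLTicketParams` allocated at the top of `reconfigure()`, because ownership is only handed to `configProcessor.set` on the success path. Every failed reload therefore leaks one object plus whatever `LoadTicket()` allocated into it, such as `ticket_key_filename`. Releasing it before returning, e.g. `delete ticketKey; return false;`, would let `cleanup()` run through the destructor. If `ConfigInfo` expects a different release call, use that instead. The `if (ticketKey)` guard is also redundant, since a plain `new` does not return null.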

-- 