This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 7.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/7.1.x by this push: new 3496333 client cert should be added to netvcoptions only when needed 3496333 is described below commit 34963335f199cb6868affb6e1a23d486947fde14 Author: Persia Aziz <per...@yahoo-inc.com> AuthorDate: Mon Feb 27 12:41:25 2017 -0600 client cert should be added to netvcoptions only when needed (cherry picked from commit a37401bda5cfad8ce90477f1875754aeab172522) --- proxy/http/HttpSM.cc | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index de4b87b..c74d888 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -4020,7 +4020,6 @@ HttpSM::do_remap_request(bool run_inline) { DebugSM("http_seq", "[HttpSM::do_remap_request] Remapping request"); DebugSM("url_rewrite", "Starting a possible remapping for request [%" PRId64 "]", sm_id); - SSLConfig::scoped_config params; bool ret = false; if (t_state.cop_test_page == false) { ret = remapProcessor.setup_for_remap(&t_state); @@ -4061,20 +4060,6 @@ HttpSM::do_remap_request(bool run_inline) pending_action = remap_action_handle; } - // check if the overridden client cert filename is already attached to an existing ssl context - if (t_state.txn_conf->client_cert_filepath && t_state.txn_conf->client_cert_filename) { - ats_scoped_str clientCert(Layout::relative_to(t_state.txn_conf->client_cert_filepath, t_state.txn_conf->client_cert_filename)); - if (clientCert != nullptr) { - auto tCTX = params->getCTX(clientCert); - - if (tCTX == nullptr) { - // make new client ctx and add it to the ctx list - auto tctx = params->getNewCTX(clientCert); - params->InsertCTX(clientCert, tctx); - } - } - } - return; } @@ -5049,10 +5034,21 @@ HttpSM::do_http_server_open(bool raw) if (host && len > 0) { opt.set_sni_servername(host, len); } + + SSLConfig::scoped_config params; + // check if the overridden client cert filename is already attached to an existing ssl context if (t_state.txn_conf->client_cert_filepath && t_state.txn_conf->client_cert_filename) { ats_scoped_str clientCert( - (Layout::relative_to(t_state.txn_conf->client_cert_filepath, t_state.txn_conf->client_cert_filename))); + Layout::relative_to(t_state.txn_conf->client_cert_filepath, t_state.txn_conf->client_cert_filename)); if (clientCert != nullptr) { + auto tCTX = params->getCTX(clientCert); + + if (tCTX == nullptr) { + // make new client ctx and add it to the ctx list + Debug("ssl", "adding new cert for client cert %s", (char *)clientCert); + auto tctx = params->getNewCTX(clientCert); + params->InsertCTX(clientCert, tctx); + } opt.set_client_certname(clientCert); } } -- To stop receiving notification emails like this one, please contact ['"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>'].