This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push: new 4704525 Changes the default for proxy.config.ssl.server.multicert.exit_on_load_fail 4704525 is described below commit 4704525a6f9b7ba4cc79b56fd58958dcb83f3225 Author: Leif Hedstrom <zw...@apache.org> AuthorDate: Thu May 25 10:14:41 2017 -0600 Changes the default for proxy.config.ssl.server.multicert.exit_on_load_fail This restores the old (and IMO expected) behavior of how we don't allow bad configurations to be reloaded / replaced. We've had a case where all certificates were lost for a small period of time, and an unrelated config reload happening at the same time caused us to lose all certificates. --- iocore/net/SSLConfig.cc | 2 +- mgmt/RecordsConfig.cc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc index 093ebe8..343b3d9 100644 --- a/iocore/net/SSLConfig.cc +++ b/iocore/net/SSLConfig.cc @@ -101,7 +101,7 @@ SSLConfigParams::reset() ssl_session_cache_skip_on_contention = 0; ssl_session_cache_timeout = 0; ssl_session_cache_auto_clear = 1; - configExitOnLoadError = 0; + configExitOnLoadError = 1; } void diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc index cf36d02..8ecd3ee 100644 --- a/mgmt/RecordsConfig.cc +++ b/mgmt/RecordsConfig.cc @@ -1148,7 +1148,7 @@ static const RecordElement RecordsConfig[] = , {RECT_CONFIG, "proxy.config.ssl.server.multicert.filename", RECD_STRING, "ssl_multicert.config", RECU_RESTART_TS, RR_NULL, RECC_NULL, nullptr, RECA_NULL} , - {RECT_CONFIG, "proxy.config.ssl.server.multicert.exit_on_load_fail", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_NULL, "[0-1]", RECA_NULL} + {RECT_CONFIG, "proxy.config.ssl.server.multicert.exit_on_load_fail", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_NULL, "[0-1]", RECA_NULL} , {RECT_CONFIG, "proxy.config.ssl.server.ticket_key.filename", RECD_STRING, nullptr, RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL} , -- To stop receiving notification emails like this one, please contact ['"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>'].