This is an automated email from the ASF dual-hosted git repository.

sudheerv pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new 4eadecd  Elevate privs to load TLS Session Ticket Key file
4eadecd is described below

commit 4eadecdd2611c805b7f66406b10caa14d141d1b1
Author: Sudheer Vinukonda <sudhe...@apache.org>
AuthorDate: Wed Jun 12 17:55:45 2019 -0700

    Elevate privs to load TLS Session Ticket Key file
---
 iocore/net/SSLConfig.cc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index f854883..bf933bc 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -568,6 +568,11 @@ SSLTicketParams::LoadTicket(bool &nochange)
     no_default_keyblock = ticket_params->default_global_keyblock == nullptr;
   }
 
+  // elevate/allow file access to root read only files/certs
+  uint32_t elevate_setting = 0;
+  REC_ReadConfigInteger(elevate_setting, 
"proxy.config.ssl.cert.load_elevated");
+  ElevateAccess elevate_access(elevate_setting ? ElevateAccess::FILE_PRIVILEGE 
: 0); // destructor will demote for us
+
   if (REC_ReadConfigStringAlloc(ticket_key_filename, 
"proxy.config.ssl.server.ticket_key.filename") == REC_ERR_OKAY &&
       ticket_key_filename != nullptr) {
     ats_scoped_str 
ticket_key_path(Layout::relative_to(params->serverCertPathOnly, 
ticket_key_filename));
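Review bot: The `ElevateAccess elevate_access(...)` guard is created at function scope, ahead of the `if` that tests `ticket_key_filename`, so with `proxy.config.ssl.cert.load_elevated` set the process raises `FILE_PRIVILEGE` even when no ticket key file is configured and holds it until `LoadTicket` returns. The rest of the function lies outside this hunk, so how much other work runs elevated cannot be judged from here. Moving the added statements inside the `if` body, or into a nested `{ }` block around only the key-file read, would limit the privileged window to the one read that needs it. The elevated read follows a path built from `proxy.config.ssl.server.ticket_key.filename`, so a comment such as `// elevated only while reading the ticket key file; path comes from records config` would make that trust assumption explicit, and the `load_elevated` setting's documentation should say it now also governs the ticket key file. The unchecked `REC_ReadConfigInteger` call fails safe because `elevate_setting` is initialised to 0.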
