[ https://issues.apache.org/jira/browse/TS-2480?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-2480: ------------------------------ Labels: review (was: ) > Choose the address related SSL_CTX for session ticket callback > -------------------------------------------------------------- > > Key: TS-2480 > URL: https://issues.apache.org/jira/browse/TS-2480 > Project: Traffic Server > Issue Type: Wish > Components: SSL > Reporter: Wei Sun > Assignee: James Peach > Labels: review > Fix For: 5.0.0 > > Attachments: TS-2480.diff > > > When the dest_ip in ssl_multicert.config is not '*', the default SSL_CTX > retrieved from the request when presenting session ticket or session id is > not associated with any app data (certs, settings, etc), ats delays the > association in SNI handling. So in the callback of > SSL_CTX_set_tlsext_ticket_key_cb or SSL_CTX_sess_set_get_cb, it won't get the > expected SSL_CTX, and session ticket handling will be degraded to the default > behavior. > I have a requirement of retrieving SSL_CTX during these two callback > functions, probably I could workaround it by > SSLCertificateConfig::acquire()->findInfoInHash(ip) in every callback and get > the expected SSL_CTX. I'm wondering is it feasible to do it once in > make_ssl_connection()? Is there any design consideration for being this > (delay to overwrite the SSL_CTX in SNI handling)? I have a small patch if it > is needed. -- This message was sent by Atlassian JIRA (v6.2#6252)