[ https://issues.apache.org/jira/browse/TS-4858?focusedWorklogId=30192&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-30192 ]
ASF GitHub Bot logged work on TS-4858:
--------------------------------------

Author: ASF GitHub Bot
Created on: 05/Oct/16 19:17
Start Date: 05/Oct/16 19:17
Worklog Time Spent: 10m
Work Description: Github user jpeach commented on a diff in the pull request:

https://github.com/apache/trafficserver/pull/1024#discussion_r82046288

--- Diff: iocore/net/SSLConfig.cc ---
@@ -243,6 +245,21 @@ SSLConfigParams::initialize() ats_free(ssl_server_ca_cert_filename); ats_free(CACertRelativePath); + REC_ReadConfigStringAlloc(ticket_key_filename, "proxy.config.ssl.server.ticket_key.filename"); + int ticket_key_len; + ats_scoped_str ticket_key_path(Layout::relative_to(this->serverCertPathOnly, this->ticket_key_filename)); + ats_scoped_str ticket_key_data; + if (ticket_key_filename != NULL) { + ticket_key_data = readIntoBuffer(ticket_key_path, __func__, &ticket_key_len); + } else { + // Generate a random ticket key + ticket_key_len = 48; + ticket_key_data = (char *)ats_malloc(ticket_key_len); + char *tmp_ptr = ticket_key_data; + RAND_bytes(reinterpret_cast<unsigned char *>(tmp_ptr), ticket_key_len); + }
--- End diff --

Simplify to this:

```C
if (ticket_key_filename) {
  int len;
  ats_scoped_str path(Layout::relative_to(this->serverCertPathOnly, this->ticket_key_filename));
  ats_scoped_str data = readIntoBuffer(path, __func__, &len);
  // XXX error checking?
  default_global_keyblock = ticket_block_XXX(data, len);
} else {
  ssl_ticket_key_t key;
  RAND_bytes(&key, sizeof(key));
  default_global_keyblock = ticket_block_XXX(&key, sizeof(key));
}
```

*or*

Add additional ticket block APIs:

```C
ssl_ticket_key_block *ticket_block_alloc_random(unsigned count);
ssl_ticket_key_block *ticket_block_read(const char *path);
```

Issue Time Tracking
-------------------

Worklog Id: (was: 30192)
Time Spent: 1.5h (was: 1h 20m)

> Global session ticket key block leaks.
> --------------------------------------
>
> Key: TS-4858
> URL: https://issues.apache.org/jira/browse/TS-4858
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Reporter: James Peach
> Assignee: Syeda Persia Aziz
> Fix For: 7.1.0
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> From source inspection, ``global_default_keyblock`` is always assigned so it
> will leak on configuration reload.
> Have not reproduced this since I wasn't able to get SSL config reload to work
> :-(
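
Review bot: In the iocore/net/SSLConfig.cc hunk, the return value of RAND_bytes() in the else branch is ignored, so if the generator fails the 48 bytes obtained from ats_malloc() are left uninitialized and nothing reports it; check that it returned 1 and fail initialization otherwise. The file branch has the matching gap: the buffer and ticket_key_len coming back from readIntoBuffer() are not checked for a failed read or an unusable length. Separately, ticket_key_path is built with Layout::relative_to(this->serverCertPathOnly, this->ticket_key_filename) before the `ticket_key_filename != NULL` test, so the path is computed from a possibly NULL filename; move that construction inside the if branch. The literal 48 would also read better as a sizeof on the ticket key type, as the review comment's sketch does with sizeof(key).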