Github user shinrich commented on a diff in the pull request: https://github.com/apache/trafficserver/pull/1226#discussion_r94826573 --- Diff: proxy/http/HttpSM.cc --- @@ -4059,6 +4061,16 @@ HttpSM::do_remap_request(bool run_inline) pending_action = remap_action_handle; } + // check if the overridden client cert filename is already attached to an existing ssl context + ats_scoped_str clientCert(Layout::relative_to(t_state.txn_conf->client_cert_filepath, t_state.txn_conf->client_cert_filename)); + auto tCTX = params->getCTX(clientCert); + + if (tCTX == nullptr) { + // make new client ctx and add it to the ctx list + auto tctx = ssl_NetProcessor.getNewCTX(clientCert); + params->InsertCTX(clientCert, tctx); --- End diff -- Maybe it would be cleaner to have a version of InsertCTX() that only took the certificate name and did the certificate creation and insert?
--- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---