[ https://issues.apache.org/jira/browse/TS-5022?focusedWorklogId=34817&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-34817 ]
ASF GitHub Bot logged work on TS-5022:
--------------------------------------

Author: ASF GitHub Bot
Created on: 05/Jan/17 18:58
Start Date: 05/Jan/17 18:58
Worklog Time Spent: 10m
Work Description: Github user persiaAziz commented on a diff in the pull request:

https://github.com/apache/trafficserver/pull/1226#discussion_r94828732

--- Diff: proxy/http/HttpSM.cc ---
@@ -4059,6 +4061,16 @@ HttpSM::do_remap_request(bool run_inline) pending_action = remap_action_handle; } + // check if the overridden client cert filename is already attached to an existing ssl context + ats_scoped_str clientCert(Layout::relative_to(t_state.txn_conf->client_cert_filepath, t_state.txn_conf->client_cert_filename)); + auto tCTX = params->getCTX(clientCert); + + if (tCTX == nullptr) { + // make new client ctx and add it to the ctx list + auto tctx = ssl_NetProcessor.getNewCTX(clientCert); + params->InsertCTX(clientCert, tctx);
--- End diff --

Yes it would be cleaner. I reused the SSLInitClientContext logic to create the new CTX. That is why I kept it here. I will see if I can move the whole client context thing to SSLconfig

Issue Time Tracking
-------------------

Worklog Id: (was: 34817)
Time Spent: 4h 20m (was: 4h 10m)

> Multiple Client Certificate to Origin
> -------------------------------------
>
> Key: TS-5022
> URL: https://issues.apache.org/jira/browse/TS-5022
> Project: Traffic Server
> Issue Type: Improvement
> Components: Security, SSL, TLS
> Reporter: Scott Beardsley
> Assignee: Syeda Persia Aziz
> Labels: yahoo
> Fix For: 7.1.0
>
> Time Spent: 4h 20m
> Remaining Estimate: 0h
>
> Yahoo has a use case where the origin is doing mutual TLS authentication
> which requires ATS to send a client certificate. This works fine (for now)
> because ATS supports configuring *one* client cert but this feature should
> really allow multiple client certificates to be configured which would depend
> upon the origin being contacted.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
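
Review bot: In the proxy/http/HttpSM.cc hunk, inside the `if (tCTX == nullptr)` branch, the result of `ssl_NetProcessor.getNewCTX(clientCert)` goes straight into `params->InsertCTX(clientCert, tctx)` with no check in the visible lines that context creation succeeded. If `getNewCTX` can fail (for example when the overridden certificate file is missing or unreadable), please check `tctx` before inserting, log the path, and fail the origin connection rather than proceeding without the intended client certificate. Separately, `tCTX` and `tctx` differ only by case, so the lookup result is still null after the branch and is easy to use by mistake; assigning the new context back to a single variable would avoid that. Because this lookup-then-insert runs per transaction in `do_remap_request`, please also confirm that `getCTX` and `InsertCTX` serialize access to the context list.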