bryancall commented on issue #9400:
URL: https://github.com/apache/trafficserver/issues/9400#issuecomment-4828017873

   I am closing this as no longer reproducible on current code. When this was 
first filed, a maintainer could not reproduce a crash with either a 
non-existing certificate file or a corrupted one, at startup or on reload, and 
the report has no stack trace or detailed reproduction steps. Since then the 
ssl_multicert loading path has been substantially reworked, including the 
migration from ssl_multicert.config to ssl_multicert.yaml 
(https://github.com/apache/trafficserver/pull/12755, first released in 11.0.0). 
Current source validates certificates explicitly: a truncated or corrupted 
certificate, an unparsable or future notBefore date, and an expired certificate 
each log an Error and return a negative status (check_server_cert_now in 
src/iocore/net/SSLUtils.cc), and configuration parse failures now return an 
error result rather than crashing. If anyone hits a crash loading an invalid 
certificate on a current release, please reopen with the version, the offending 
certificate or configur
 ation, and a stack trace.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to