bryancall commented on issue #9400: URL: https://github.com/apache/trafficserver/issues/9400#issuecomment-4828017873
I am closing this as no longer reproducible on current code. When this was first filed, a maintainer could not reproduce a crash with either a non-existing certificate file or a corrupted one, at startup or on reload, and the report has no stack trace or detailed reproduction steps. Since then the ssl_multicert loading path has been substantially reworked, including the migration from ssl_multicert.config to ssl_multicert.yaml (https://github.com/apache/trafficserver/pull/12755, first released in 11.0.0). Current source validates certificates explicitly: a truncated or corrupted certificate, an unparsable or future notBefore date, and an expired certificate each log an Error and return a negative status (check_server_cert_now in src/iocore/net/SSLUtils.cc), and configuration parse failures now return an error result rather than crashing. If anyone hits a crash loading an invalid certificate on a current release, please reopen with the version, the offending certificate or configur ation, and a stack trace. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
