On 27/10/2012, at 7:32 AM, Ethan Lai <[email protected]> wrote:

> Hi James,
>
> Just filed, https://issues.apache.org/jira/browse/TS-1551
> I'd love to work on it to make this issue fixed ASAP, please kindly give me
> some instructions. :)

Great! So the place to start is in iocore/net/SSLCertLookup.cc. The first issue you will have to deal with is releasing the SSL context storage. We keep multiple copies of SSL_CTX pointer in the index, so to release them correctly we would need to clone or reference count these. SSL refcounts them internally, but I don't think that there's an API to get at the refcount.

Once this is done, then the next step will be to hook into the configuration reload mechanism and build a new SSL certificate lookup table. You will need to keep the old one around for a grace period before releasing it since the transition period will be racy.

The #traffic-server IRC channel is usually pretty active if you have questions ...

J

>
> Thanks,
> -Ethan
>
> 2012/10/27 James Peach <[email protected]>
> On 25/10/2012, at 11:23 PM, Nick Berry <[email protected]> wrote:
>
> > Keep in mind several configs do not get re-read with traffic_line -x. If
> > you've tested it and it doesn't work, then I'd assume it's one of those
> > configs. :)
>
> Yes, unfortunately SSL certificates don't get reloaded with -x. It's
> something that we'd like to fix, though. Can you please file a ticket? If you
> are interested in working on it, I'd be happy to guide you ...
>
> >
> > On Oct 25, 2012, at 7:14 PM, Ethan Lai <[email protected]> wrote:
> >
> >> Guys,
> >>
> >> I've found that "ssl_multicert.config" is marked as modified, but not
> >> reread while running traffic_line -x (Reread Config Files).
> >> Just wondering is this expected behavior or not?
> >>
> >> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> >> [Oct 26 09:59:45.018] Manager {0x7f3c6723d7e0} NOTE:
> >> [LocalManager::startProxy] Launching ts process
> >> [Oct 26 09:59:45.025] Manager {0x7f3c6723d7e0} NOTE:
> >> [LocalManager::pollMgmtProcessServer] New process connecting fd '12'
> >> [Oct 26 09:59:45.025] Manager {0x7f3c6723d7e0} NOTE: [Alarms::signalAlarm]
> >> Server Process born
> >> [Oct 26 09:59:46.066] Server {0x2b500a320680} DEBUG: (ssl)
> >> ssl_multicert.config: /usr/local/etc/trafficserver/ssl_multicert.config
> >> [Oct 26 09:59:46.094] Server {0x2b500a320680} DEBUG: (ssl) mapping
> >> 'j1.free888.cloudns.biz' to certificate
> >> /usr/local/etc/ats-cert/j1.free888.cloudns.biz-v2.pem
> >> [Oct 26 09:59:46.096] Server {0x2b500a320680} NOTE: logging
> >> initialized[15], logging_mode = 3
> >> [Oct 26 09:59:46.126] Server {0x2b500a320680} NOTE: traffic server running
> >>
> >> $ sed -i 's/j1.free888.cloudns.biz-v2/j1.free888.cloudns.biz-v3/'
> >> /usr/local/etc/trafficserver/ssl_multicert.config
> >> $ `traffic_line -x`
> >> [Oct 26 09:59:59.954] Manager {0x7f3c5ffff700} DEBUG: (rollback)
> >> [Rollback::internalUpdate] Moving ssl_multicert.config from version 43 to
> >> version 44
> >> [Oct 26 09:59:59.970] Manager {0x7f3c5ffff700} NOTE: [fileUpdated]
> >> ssl_multicert.config file has been modified
> >> [Oct 26 09:59:59.970] Manager {0x7f3c5ffff700} NOTE: User has changed
> >> config file ssl_multicert.config
> >> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> >>
> >> No "DEBUG: (ssl) mapping 'j1.free888.cloudns.biz' to certificate
> >> /usr/local/etc/ats-cert/j1.free888.cloudns.biz-v3.pem" message found. :(
> >>
> >> Thanks,
> >> -Ethan
> >
> >
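
The approach outlined in James's reply above (reference-counted contexts, a new lookup table built on reload, the old table held for a grace period), sketched as an added example that is not Traffic Server code and not part of the thread. `FakeCtx` is a hypothetical stand-in for `SSL_CTX`, `std::shared_ptr` supplies the reference count, and `CertLookup`, `find`, `reload` and `reap` are illustrative names.

```cpp
#include <chrono>
#include <map>
#include <memory>
#include <mutex>
#include <string>
#include <utility>
#include <vector>

int g_live_ctx = 0;  // live stand-in contexts, so a release is observable
struct FakeCtx {     // hypothetical stand-in for SSL_CTX, not an OpenSSL type
  std::string cert;
  explicit FakeCtx(std::string c) : cert(std::move(c)) { ++g_live_ctx; }
  ~FakeCtx() { --g_live_ctx; }
};
using Clock = std::chrono::steady_clock;
// One context may be indexed under several names; shared_ptr is the refcount.
using Table = std::map<std::string, std::shared_ptr<FakeCtx>>;

class CertLookup {
  std::mutex mu_;
  std::shared_ptr<const Table> current_ = std::make_shared<Table>();
  std::vector<std::pair<Clock::time_point, std::shared_ptr<const Table>>> retired_;

public:
  // The returned reference keeps the context alive for an in-flight handshake
  // even after its table has been retired and released.
  std::shared_ptr<FakeCtx> find(const std::string &name) {
    std::lock_guard<std::mutex> g(mu_);
    auto it = current_->find(name);
    if (it == current_->end()) return nullptr;
    return it->second;
  }
  // Reload: publish a fully built table, park the old one until now + grace.
  void reload(Table next, Clock::time_point now, Clock::duration grace) {
    std::shared_ptr<const Table> fresh = std::make_shared<Table>(std::move(next));
    std::lock_guard<std::mutex> g(mu_);
    retired_.emplace_back(now + grace, std::move(current_));
    current_ = std::move(fresh);
  }
  // Release retired tables whose grace period has passed; returns the count.
  int reap(Clock::time_point now) {
    std::lock_guard<std::mutex> g(mu_);
    int n = 0;
    for (auto it = retired_.begin(); it != retired_.end();) {
      if (it->first <= now) { it = retired_.erase(it); ++n; }
      else ++it;
    }
    return n;
  }
};
```

The clock is passed in as a parameter so the grace period can be exercised without sleeping; a server would call `reap` from a periodic event.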
