From bc...@apache.org
Subject [trafficserver] branch master updated: Ticket file reload shouldn't kill traffic_server process
Date Wed, 30 Aug 2017 15:44:35 GMT
This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new 3f48a26  Ticket file reload shouldn't kill traffic_server process
3f48a26 is described below

commit 3f48a263b88197fca556165e91834450b0df56b7
Author: Vijay Mamidi <vijayabhaskar_mamidi@yahoo.com>
AuthorDate: Tue Aug 29 17:13:17 2017 -0700

    Ticket file reload shouldn't kill traffic_server process
---
 iocore/net/P_SSLConfig.h |  2 +-
 iocore/net/SSLConfig.cc  | 27 ++++++++++++++++++---------
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/iocore/net/P_SSLConfig.h b/iocore/net/P_SSLConfig.h
index 7728a41..f15df36 100644
--- a/iocore/net/P_SSLConfig.h
+++ b/iocore/net/P_SSLConfig.h
@@ -162,7 +162,7 @@ private:
 struct SSLTicketParams : public ConfigInfo {
   ssl_ticket_key_block *default_global_keyblock;
   char *ticket_key_filename;
-  void LoadTicket();
+  bool LoadTicket();
   void cleanup();
 
   ~SSLTicketParams() { cleanup(); }
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index f480708..0153ebf 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -523,27 +523,31 @@ SSLCertificateConfig::release(SSLCertLookup *lookup)
   configProcessor.release(configid, lookup);
 }
 
-void
+bool
 SSLTicketParams::LoadTicket()
 {
   cleanup();
 
 #if HAVE_OPENSSL_SESSION_TICKETS
+  ssl_ticket_key_block *keyblock = nullptr;
 
   SSLConfig::scoped_config params;
 
   if (REC_ReadConfigStringAlloc(ticket_key_filename, "proxy.config.ssl.server.ticket_key.filename")
== REC_ERR_OKAY &&
       ticket_key_filename != nullptr) {
     ats_scoped_str ticket_key_path(Layout::relative_to(params->serverCertPathOnly, ticket_key_filename));
-    default_global_keyblock = ssl_create_ticket_keyblock(ticket_key_path);
+    keyblock = ssl_create_ticket_keyblock(ticket_key_path);
   } else {
-    default_global_keyblock = ssl_create_ticket_keyblock(nullptr);
+    keyblock = ssl_create_ticket_keyblock(nullptr);
   }
-  if (!default_global_keyblock) {
-    Fatal("Could not load Ticket Key from %s", ticket_key_filename);
-    return;
+  if (!keyblock) {
+    Error("ticket key reloaded from %s", ticket_key_filename);
+    return false;
   }
+  default_global_keyblock = keyblock;
+
   Debug("ssl", "ticket key reloaded from %s", ticket_key_filename);
+  return true;
 
 #endif
 }
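Review bot: The failure branch logs `Error("ticket key reloaded from %s", ...)`, which is the success message copied verbatim, so an operator reading the log after a failed key rotation sees a line saying the reload worked. It should read `Error("Could not load ticket key from %s", ticket_key_filename);`. The new `return true;` also sits inside `#if HAVE_OPENSSL_SESSION_TICKETS`, so in a build without session tickets the now-`bool` function falls off its end without returning a value; moving `return true;` below `#endif` fixes that. In the else branch `ticket_key_filename` can be null when it reaches the `%s` arguments of `Error` and `Debug`, so those calls should pass a fallback string in that case.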
@@ -554,7 +558,10 @@ SSLTicketKeyConfig::startup()
   auto sslTicketKey = new ConfigUpdateHandler<SSLTicketKeyConfig>();
 
   sslTicketKey->attach("proxy.config.ssl.server.ticket_key.filename");
-  reconfigure();
+  SSLConfig::scoped_config params;
+  if (!reconfigure() && params->configExitOnLoadError) {
+    Fatal("Failed to load SSL ticket key file");
+  }
 }
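Review bot: When `reconfigure()` fails and `configExitOnLoadError` is off, startup returns with `configid` never passed to `configProcessor.set`, and nothing at this level documents that the server then runs without a registered ticket key config. What later lookups of that config receive in this state is not visible in the diff, so it is worth confirming that they tolerate a missing entry. I would add a comment above the check such as `// without exit-on-load-error a failed load leaves no ticket key config registered`. The start of startup() is outside the hunk.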
 
 bool
@@ -562,8 +569,10 @@ SSLTicketKeyConfig::reconfigure()
 {
   SSLTicketParams *ticketKey = new SSLTicketParams();
 
-  if (ticketKey)
-    ticketKey->LoadTicket();
+  if (ticketKey) {
+    if (!ticketKey->LoadTicket())
+      return false;
+  }
 
   configid = configProcessor.set(configid, ticketKey);
   return true;
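Review bot: The new `return false;` leaves the freshly allocated `ticketKey` unreleased, so every failed reload leaks an `SSLTicketParams` together with the filename string it read. Because the object was never handed to `configProcessor.set`, nothing else will free it. Release it before returning, for example `delete ticketKey;` ahead of `return false;` (or whatever release call `ConfigInfo` expects, which is not visible here). The `if (ticketKey)` guard is redundant with a throwing `new` and could be dropped. The closing brace of reconfigure() is outside the hunk.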

-- 
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>'].
