trafficserver-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From zw...@apache.org
Subject [trafficserver] branch 8.0.x updated: Calls SSL child config callback after cert is loaded for both key parts
Date Mon, 04 Feb 2019 23:57:38 GMT
This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/8.0.x by this push:
     new 57231ca  Calls SSL child config callback after cert is loaded for both key parts
57231ca is described below

commit 57231cad6717e40f5155ded40b99248ea0cc239b
Author: Randall Meyer <randallmeyer@yahoo.com>
AuthorDate: Tue Jan 8 12:48:13 2019 -0800

    Calls SSL child config callback after cert is loaded for both key parts
    
    This plays nicer with filesystems who's mtime can change on file read
    
    (cherry picked from commit 9c49e84dbbd34e6d24fd4a522699d10dc5e88fab)
---
 iocore/net/SSLUtils.cc | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 6c4643a..67aea04 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1700,10 +1700,7 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config
*sslMu
           X509_free(cert);
           goto fail;
         }
-        certList.push_back(cert);
-        if (SSLConfigParams::load_ssl_file_cb) {
-          SSLConfigParams::load_ssl_file_cb(completeServerCertPath.c_str(), CONFIG_FLAG_UNVERSIONED);
-        }
+
         // Load up any additional chain certificates
         SSL_CTX_add_extra_chain_cert_bio(ctx, bio);
 
@@ -1712,6 +1709,11 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config
*sslMu
           goto fail;
         }
 
+        certList.push_back(cert);
+        if (SSLConfigParams::load_ssl_file_cb) {
+          SSLConfigParams::load_ssl_file_cb(completeServerCertPath.c_str(), CONFIG_FLAG_UNVERSIONED);
+        }
+
         // Must load all the intermediate certificates before starting the next chain
 
         // First, load any CA chains from the global chain file.  This should probably


Mime
View raw message