This repository was archived by the owner on Nov 24, 2025. It is now read-only.
fixed bug in CertificateRegistry#3939
Merged
rawlinp merged 3 commits intoapache:masterfrom Oct 17, 2019
Merged
Conversation
Contributor
|
Refer to this link for build results (access rights to CI server needed): |
mitchell852
added
Traffic Router
mitchell852
added
the
WIP
SSLContexts fails Since there was no exception handling for the InvalidArgumentException which can occur when an SSLHostConfig and its certificates gets added the CertificateRegistry was recording the certificate as successful and then never attempting to load it again. # Conflicts: # traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/protocol/RouterNioEndpoint.java # traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/CertificateRegistry.java
ajschmidt
force-pushed
the
tr-multi-cert-fix
branch
from
6d5f57e to
10879aa
Compare
Contributor
|
Refer to this link for build results (access rights to CI server needed): |
..traffic_router/protocol/RouterNioEndpoint.java ..traffic_router/secure/CertificateRegistryTest.java
Contributor
|
Refer to this link for build results (access rights to CI server needed): |
mitchell852
removed
the
WIP
rawlinp
reviewed
Oct 15, 2019
Contributor
rawlinp
left a comment
rawlinp
left a comment
There was a problem hiding this comment.
Code changes look good, could use a little reformatting
Contributor
|
Refer to this link for build results (access rights to CI server needed): |
rawlinp
approved these changes
Oct 17, 2019
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR (Pull Request) do?
This PR adds exception handling and logging where the TR code interfaces with the tomcat-native library to create or modify the SSL Host data structures used by openssl. The exception handling prevents TR from saving host configurations when they do not get successfully written to the native structures in openssl. Therefore TR will continue to try and update them each time it polls for SSL cert changes. This PR also fixes a bug that may have been unregistering the native SSL host configurations with JMX causing them to become eligible for untimely garbage collection.
This PR does not change any functionality of TR and does not affect the documentation. One unit test has been added to demonstrate that failed updates will cause TR to attempt the update again the next time it retrieves SSL certs from TO.
Which Traffic Control components are affected by this PR?
What is the best way to verify this PR?
If this is a bug fix, what versions of Traffic Control are affected?
The following criteria are ALL met by this PR