From 0064bec0760dc57868a4fa5eaaffccdf04ec8439 Mon Sep 17 00:00:00 2001 From: Persia Aziz Date: Mon, 12 Sep 2016 11:13:55 -0500 Subject: [PATCH] TS-4263: keyblock varialbe configurable via records.config --- iocore/net/SSLUtils.cc | 9 ++++++--- mgmt/RecordsConfig.cc | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index 9b8b79ae1bb..3bc3d2a6d93 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -2055,9 +2055,12 @@ SSLParseCertificateConfiguration(const SSLConfigParams *params, SSLCertLookup *l // load the global ticket key for later use REC_ReadConfigStringAlloc(ticket_key_filename, "proxy.config.ssl.server.ticket_key.filename"); - ats_scoped_str ticket_key_path(Layout::relative_to(params->serverCertPathOnly, ticket_key_filename)); - global_default_keyblock = ssl_create_ticket_keyblock(ticket_key_path); // this function just returns a keyblock - + if (ticket_key_filename != NULL) { + ats_scoped_str ticket_key_path(Layout::relative_to(params->serverCertPathOnly, ticket_key_filename)); + global_default_keyblock = ssl_create_ticket_keyblock(ticket_key_path); // this function just returns a keyblock + } else { + global_default_keyblock = ssl_create_ticket_keyblock(NULL); // this function just returns a keyblock + } Note("loading SSL certificate configuration from %s", params->configFilePath); if (params->configFilePath) { diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc index 35eac11af66..1a0da3db2db 100644 --- a/mgmt/RecordsConfig.cc +++ b/mgmt/RecordsConfig.cc @@ -1243,7 +1243,7 @@ static const RecordElement RecordsConfig[] = , {RECT_CONFIG, "proxy.config.ssl.server.multicert.exit_on_load_fail", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_NULL, "[0-1]", RECA_NULL} , - {RECT_CONFIG, "proxy.config.ssl.server.ticket_key.filename", RECD_STRING, "ssl_ticket.key", RECU_DYNAMIC, RR_NULL, RECC_NULL, NULL, RECA_NULL} + {RECT_CONFIG, "proxy.config.ssl.server.ticket_key.filename", RECD_STRING, NULL, RECU_DYNAMIC, RR_NULL, RECC_NULL, NULL, RECA_NULL} , {RECT_CONFIG, "proxy.config.ssl.server.private_key.path", RECD_STRING, TS_BUILD_SYSCONFDIR, RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL} ,