Skip to content

TS-4619: intermediate chain loading can miss certificates.#853

Merged
shinrich merged 1 commit intoapache:masterfrom
shinrich:ts-4619
Aug 12, 2016
Merged

TS-4619: intermediate chain loading can miss certificates.#853
shinrich merged 1 commit intoapache:masterfrom
shinrich:ts-4619

Conversation

@shinrich
Copy link
Copy Markdown
Member

@shinrich shinrich commented Aug 11, 2016

Made the changes @jpeach suggested in the bug. Tested with three deep chains for rsa and ec (cert and two signers). Tested with both signers in the ssl_ca_name files. Tested with all three certs in the ssl_cert_name file.

@shinrich shinrich added the TLS label Aug 11, 2016
@atsci
Copy link
Copy Markdown

atsci commented Aug 11, 2016

FreeBSD build successful! See https://ci.trafficserver.apache.org/job/Github-FreeBSD/521/ for details.

@atsci
Copy link
Copy Markdown

atsci commented Aug 11, 2016

Linux build successful! See https://ci.trafficserver.apache.org/job/Github-Linux/418/ for details.

@jpeach
Copy link
Copy Markdown
Contributor

jpeach commented Aug 12, 2016

Is SSL_add1_chain_cert different from SSL_add0_chain_cert?

This looks good to me 👍

@shinrich
Copy link
Copy Markdown
Member Author

shinrich commented Aug 12, 2016

The add1 version increments the reference count of the certificate, The add0 version doesn't, so it effectively takes ownership of the reference you pass in. From the man page

"All these functions are implemented as macros. Those containing a 1 increment the reference count of the supplied certificate or chain so it must be freed at some point after the operation. Those containing a 0 do not increment reference counts and the supplied certificate or chain MUST NOT be freed after the operation."

@shinrich shinrich merged commit df09fa3 into apache:master Aug 12, 2016
@zwoop zwoop added this to the Old milestone Jan 8, 2019
@serrislew serrislew mentioned this pull request Dec 3, 2022
Merged
bneradt added a commit to bneradt/trafficserver that referenced this pull request Jul 12, 2024
@bneradt
YTSATS-4260: Revert libswoc IntrusiveHashMap (apache#853)
8e1053c 
Revert "libswoc: Update IntrusiveHashMap in HTTP session manager. (apache#9872)"

apache#9872

This reverts commit ca4f8cd.

I'm reverting this IntrusiveHashMap switch to libswoc because it
introduces a spike in our origin side connections.

The following is also reverted to add back the IntrusiveHashMap
and IntrusiveDList implementations:

Revert "libswoc: Remove legacy IntrusiveHashMap (apache#10104)"

This reverts commit 5706e3b.

Revert "libswoc: Remove legacy IntrusiveDList. (apache#10106)"

This reverts commit 5d0a549.

Co-authored-by: bneradt <bneradt@yahooinc.com>
bneradt pushed a commit to bneradt/trafficserver that referenced this pull request Jul 12, 2024
Revert "YTSATS-4260: Revert libswoc IntrusiveHashMap (apache#853)"
6b77b2b 
This reverts commit 8e1053c.

We no longer need this since Comcast and I fixed IntrusiveHashMap for
HttpSessionManager.

 Conflicts:
	doc/developer-guide/internal-libraries/intrusive-list.en.rst
	include/proxy/http/HttpSessionManager.h
	include/proxy/http/remap/PluginDso.h
	include/proxy/http/remap/PluginFactory.h
	include/proxy/http3/QPACK.h
	include/tscore/IntrusiveHashMap.h
	include/tsutil/IntrusiveDList.h
	plugins/experimental/txn_box/Pipfile
	plugins/experimental/txn_box/plugin/CMakeLists.txt
	src/tscore/CMakeLists.txt
	src/tscore/Makefile.am
	src/tscore/unit_tests/test_IntrusiveHashMap.cc
	src/tsutil/unit_tests/test_IntrusiveDList.cc
masaori335 pushed a commit to masaori335/trafficserver that referenced this pull request May 29, 2025
Add parens (apache#853)
dd7f571
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@jpeach jpeach

Labels

TLS

Projects

None yet

Milestone

Old

Development

Successfully merging this pull request may close these issues.

4 participants

@shinrich @atsci @jpeach @zwoop