]> git.ipfire.org Git - thirdparty/squid.git/commit
projects / thirdparty / squid.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 31876b2) | patch
Do not assert if we fail to compose ssl_crtd request. Do blocking generation.
authorAlex Rousskov <rousskov@measurement-factory.com>
Thu, 8 Mar 2012 01:50:04 +0000 (18:50 -0700)
committerAlex Rousskov <rousskov@measurement-factory.com>
Thu, 8 Mar 2012 01:50:04 +0000 (18:50 -0700)
commit00fc192d0fc07257f60477a20459a079c9034b39
tree5888bbc46a05fcdb2e8e2f140f9853a04f5f172ctree
parent31876b2848fcf1f75273786edec3945d0cb80388commit | diff
Do not assert if we fail to compose ssl_crtd request. Do blocking generation.

Users report assertions when OpenSSL fails to write a true server certificate
to to memory. Since that certificate is received from a 3rd party, we should
not assert that it is writeable. Besides, OpenSSL may have limitations/bugs
even if dealing with valid certificates.

If we fail to componse a request, we now try the good old blocking in-process
certificate generation.

Currently, it is not known what exactly causes OpenSSL to fail as we are
unable to trigger the assertion in a controlled test.
src/client_side.cc diff | blob | blame | history
src/ssl/crtd_message.cc diff | blob | blame | history
src/ssl/crtd_message.h diff | blob | blame | history
Mirror of https://github.com/squid-cache/squid.git