Add logic to make the server.policy and server.properties settings reloadable #9572
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
shinrich
force-pushed
the
reloadable-server-policy
branch
from
40cc654 to
73f9032
Compare
Contributor
|
[approve ci cmake] |
brbzull0
previously approved these changes
Apr 3, 2023
Contributor
brbzull0
left a comment
brbzull0
left a comment
There was a problem hiding this comment.
Looks good, just a minitor comment that can be fixed in another PR probably, no biggie.
iocore/net/SSLConfig.cc
Outdated
| } else if (strcmp(verify_server, "NONE") == 0) { | ||
| verifyServerProperties = YamlSNIConfig::Property::NONE; | ||
| } else { | ||
| Warning("%s is invalid for proxy.config.ssl.client.verify.server.properties. Should be one of SIGNATURE, NAME, or ALL", |
Contributor
There was a problem hiding this comment.
I know this was already in the code but(not big issue) I would probably mention that NONE will be set in this case as per the docs ALL seems the default, it could be misleading and someone may think ALL will be used in this case.
iocore/net/SSLConfig.cc
Outdated
| } else if (strcmp(verify_server, "ENFORCED") == 0) { | ||
| verifyServerPolicy = YamlSNIConfig::Policy::ENFORCED; | ||
| } else { | ||
| Warning("%s is invalid for proxy.config.ssl.client.verify.server.policy. Should be one of DISABLED, PERMISSIVE, or ENFORCED", |
Contributor
There was a problem hiding this comment.
Same here, I would mention that this is now DISABLED
Member
Author
|
@brbzull0 good points. I pushed up another commit to address. |
shinrich
force-pushed
the
reloadable-server-policy
branch
from
8dcfc2d to
a385c9c
Compare
Contributor
Member
Author
|
Seems like a bug fix that would be good to backport. I'm not relying on this fix however. So getting it in 10.x would be good enough for me. Seems low risk in any case. |
Contributor
|
Cherry-picked to v9.2.x |
cmcfarlen
pushed a commit
to cmcfarlen/trafficserver
that referenced
this pull request
Jun 3, 2024
* asf/master: (42 commits) Add logic to make the server.policy and server.properties settings reloadable (apache#9572) Add CMake to the required PR CI builds (apache#9575) fixup cmake build for master and add conditional for io_uring support (apache#9571) Cleanup: Use swoc::meta instead of ts::meta. (apache#9566) codeql 24: Multiplication result converted to larger type (apache#9569) Drop support for old quiche (apache#9561) QUIC: Ignore default_inactivity_timeout in favour of proxy.config.quic.no_activity_timeout_in. (apache#9564) Fix log format specifications (apache#9568) Add `current_time_epoch_ms` stat to be appended before the server version. This allows computation of stats externally based on the cache time frame. This can help alleviate issues with sliding windows between various stats programs that generate discrepencies (apache#9567) Define BIO macros in ink_ssl.h (apache#9557) combine UDPPacket and UDPPacketInternal (apache#9424) Update codeql.yml (apache#9560) Http2 to origin (apache#9366) coverity 1497413: Use of 32-bit time_t (apache#9556) Add support for multiple yaml config files for wasm plugin (apache#9483) Add TS_HAS_QUICHE feature variable. (apache#9547) mime header field parsing fix trailing quote handlling (apache#9513) Make magick plugin buildable with BoringSSL (apache#9554) QUIC: Test basic scenarios around the ts.quic.no_activity_timeout_in config. (apache#9543) Fix records events deps (apache#9511) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Registered callback and added autest.
This closes #9563