 |
 |
@abh3 requested changes on this pull request.
Please read the comment explaining why some of the changes need to be undone. Specifically, the original code starting at line 876 to the end of Session() should have been changed.
In src/XrdTls/XrdTlsContext.cc:
> #endif -// Save the generated context and clear it's presence -// - XrdTlsContext *ctxold = pImpl->ctxnew; - pImpl->ctxnew = 0; -
OK, I see there is a misunderstanding here. What the original code actually does is grab the X509 store from the new context and sets it to be used by the current context. It then simply deletes the new context and sets the pointer to it to zero, indicating that there is no new x509 store so that the x509 transfer executes only once and allows a new x509 store to be created. The reason we need to do that is because an x509 store creation also requires the creation of a context but we never want to use that newly created context. We must continue to use the current context because we don't know how the current context is being used (e.g. there may be an outstanding pointer to it). So, we must always use the current context to create SSL objects. The changes starting on line 876 undo all of that and I would say that it's luck that it worked. Hence, all of the original code starting at line 876 should not have been changed. The code above that line was indeed incorrect and your changes fixed that, thanks!.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1