mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-08 08:07:10 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: ssl: TLS Ticket Key rotation broken via socket command

Browse Source 
It seems haproxy was doing wrong pointer arithmetic to update the ticket
ring correctly.
This commit is contained in:
Pradeep Jindal 2015-08-20 18:25:17 +05:30 committed by Willy Tarreau
parent d8e42b6b3a
commit cc79b003cb
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/dumpstats.c
View File

@ -1933,8 +1933,8 @@ static int stats_sock_parse_request(struct stream_interface *si, char *line)
return 1; return 1;
} }
memcpy(appctx->ctx.tlskeys.ref->tlskeys + 2 % TLS_TICKETS_NO, trash.str, trash.len); memcpy(appctx->ctx.tlskeys.ref->tlskeys + ((appctx->ctx.tlskeys.ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO), trash.str, trash.len);
appctx->ctx.tlskeys.ref->tls_ticket_enc_index = appctx->ctx.tlskeys.ref->tls_ticket_enc_index + 1 % TLS_TICKETS_NO; appctx->ctx.tlskeys.ref->tls_ticket_enc_index = (appctx->ctx.tlskeys.ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
appctx->ctx.cli.msg = "TLS ticket key updated!"; appctx->ctx.cli.msg = "TLS ticket key updated!";
appctx->st0 = STAT_CLI_PRINT; appctx->st0 = STAT_CLI_PRINT;

4
src/ssl_sock.c
View File

@ -500,8 +500,8 @@ int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err) {
return 1; return 1;
} }
memcpy((char *) (ref->tlskeys + 2 % TLS_TICKETS_NO), tlskey->str, tlskey->len); memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)), tlskey->str, tlskey->len);
ref->tls_ticket_enc_index = ref->tls_ticket_enc_index + 1 % TLS_TICKETS_NO; ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
return 0; return 0;
} }