You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2010/09/02 17:34:54 UTC

[jira] Resolved: (TS-405) SSL Termination not working

     [ https://issues.apache.org/jira/browse/TS-405?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom resolved TS-405.
------------------------------

    Resolution: Fixed

Closing this, since I can't reproduce the problem reported by Anirban. Please open a new bug if those problems persist (the issue with the key/cert files should be fixed).

> SSL Termination not working
> ---------------------------
>
>                 Key: TS-405
>                 URL: https://issues.apache.org/jira/browse/TS-405
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.1.1
>         Environment: Red Hat Enterprise Linux AS release 4 (Nahant Update 6) - x86_64
>            Reporter: Anirban Roy
>             Fix For: 2.1.3
>
>
> Turned on SSL termination with Apache TS-2.1.1 (proxy.config.ssl.enabled) with other config options left as the default settings. The packages is shipped with a certificate (server.pm) which is used for SSL session. With this default setting, the SSL termination does not seem to work. See the error below -
> [anirbanr@llf531136 trafficserver]$ https_proxy=localhost:443 wget -d --no-check-certificate https://login/yahoo.com
> Setting --check-certificate (checkcertificate) to 0
> DEBUG output created by Wget 1.10.2 (Red Hat modified) on linux-gnu.
> --11:24:41--  https://login/yahoo.com
>            => `yahoo.com'
> Resolving localhost... 127.0.0.1
> Caching localhost => 127.0.0.1
> Connecting to localhost|127.0.0.1|:443... connected.
> Created socket 3.
> Releasing 0x0000000000552380 (new refcount 1).
> ---request begin---
> CONNECT login:443 HTTP/1.0
> User-Agent: Wget/1.10.2 (Red Hat modified)
> ---request end---
> Failed reading proxy response: Connection reset by peer
> Closed fd 3
> Retrying.
> ==========================================================================================
> syslog output
> ==========================================================================================
> [anirbanr@llf531136 ats-test]$ tail -f /var/log/messages | grep traffic
> Jul 27 11:02:22 llf531136 traffic_manager[20264]: {182924636832} ERROR:  (last system error 9: Bad file descriptor)
> Jul 27 11:24:18 llf531136 traffic_cop[25036]: --- Cop Starting [Version: Apache Traffic Server - traffic_cop - 2.1.1-unstable - (build # 62010 on Jul 20 2010 at 10:17:13)] ---
> Jul 27 11:24:18 llf531136 traffic_cop[25036]: traffic_manager not running, making sure traffic_server is dead
> Jul 27 11:24:18 llf531136 traffic_cop[25036]: spawning traffic_manager
> Jul 27 11:24:18 llf531136 traffic_manager[25037]: NOTE: --- Manager Starting ---
> Jul 27 11:24:18 llf531136 traffic_manager[25037]: NOTE: Manager Version: Apache Traffic Server - traffic_manager - 2.1.1-unstable - (build # 62010 on Jul 20 2010 at 10:17:39)
> Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE: updated diags config
> Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE: [Rollback::openFile] Open of cache.config failed: Permission denied
> Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE: [Rollback::Rollback] Config file is read-only : cache.config
> Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE: [ClusterCom::ClusterCom] Node running on OS: 'Linux' Release: '2.6.9-67.0.22.ELsmp'
> Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE: [LocalManager::listenForProxy] Listening on port: 8085
> Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE: [LocalManager::listenForProxy] Listening on port: 443
> Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE: [TrafficManager] Setup complete
> Jul 27 11:24:19 llf531136 traffic_manager[25037]: {182924636832} NOTE: [LocalManager::startProxy] Launching ts process
> Jul 27 11:24:19 llf531136 traffic_manager[25037]: {182924636832} NOTE: [LocalManager::pollMgmtProcessServer] New process connecting fd '10'
> Jul 27 11:24:19 llf531136 traffic_manager[25037]: {182924636832} NOTE: [Alarms::signalAlarm] Server Process born
> Jul 27 11:24:20 llf531136 traffic_server[25049]: NOTE: --- Server Starting ---
> Jul 27 11:24:20 llf531136 traffic_server[25049]: NOTE: Server Version: Apache Traffic Server - traffic_server - 2.1.1-unstable - (build # 62010 on Jul 20 2010 at 10:17:53)
> Jul 27 11:24:20 llf531136 traffic_server[25049]: {182924636544} NOTE: updated diags config
> Jul 27 11:24:20 llf531136 traffic_server[25049]: {182924636544} NOTE: cache clustering disabled
> Jul 27 11:24:20 llf531136 traffic_server[25049]: {182924636544} NOTE: cache clustering disabled
> Jul 27 11:24:20 llf531136 traffic_server[25049]: {182924636544} NOTE: logging initialized[7], logging_mode = 3
> Jul 27 11:24:20 llf531136 traffic_server[25049]: {182924636544} NOTE: traffic server running
> Jul 27 11:24:32 llf531136 traffic_server[25049]: {1095842144} NOTE: cache enabled
> Jul 27 11:24:41 llf531136 traffic_server[25049]: {1140050272} ERROR: SSL ERROR: SSL_ServerHandShake.
> Jul 27 11:24:41 llf531136 traffic_server[25049]: {1140050272} ERROR: SSL::39:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:402:
> Jul 27 11:24:42 llf531136 traffic_server[25049]: {1137944928} ERROR: SSL ERROR: SSL_ServerHandShake.
> Jul 27 11:24:42 llf531136 traffic_server[25049]: {1137944928} ERROR: SSL::37:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:402:
> Jul 27 11:24:44 llf531136 traffic_server[25049]: {1142155616} ERROR: SSL ERROR: SSL_ServerHandShake.
> Jul 27 11:24:44 llf531136 traffic_server[25049]: {1142155616} ERROR: SSL::41:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:402:
> ==========================================================================================
> traffic.out output
> ==========================================================================================
> [E. Mgmt] log ==> [TrafficManager] using root directory '/export/crawlspace/packages/ats-2.1.1'
> [Jul 27 11:24:18.353] {182924636832} STATUS: opened /export/crawlspace/packages/ats-2.1.1/var/log/trafficserver/manager.log
> [TrafficServer] using root directory '/export/crawlspace/packages/ats-2.1.1'
> [Jul 27 11:24:20.506] {182924636544} STATUS: opened /export/crawlspace/packages/ats-2.1.1/var/log/trafficserver/diags.log
> [Jul 27 11:24:41.676] Server {1140050272} ERROR: SSL ERROR: SSL_ServerHandShake.
> [Jul 27 11:24:41.676] Server {1140050272} ERROR: SSL::39:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:402:
> [Jul 27 11:24:42.679] Server {1137944928} ERROR: SSL ERROR: SSL_ServerHandShake.
> [Jul 27 11:24:42.679] Server {1137944928} ERROR: SSL::37:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:402:
> [Jul 27 11:24:44.681] Server {1142155616} ERROR: SSL ERROR: SSL_ServerHandShake.
> [Jul 27 11:24:44.681] Server {1142155616} ERROR: SSL::41:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:402:

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.