You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2011/01/25 01:46:48 UTC
[jira] Updated: (TS-612) ATS does not allow password protected
certificates
[ https://issues.apache.org/jira/browse/TS-612?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-612:
-----------------------------
Fix Version/s: (was: 2.1.6)
2.1.7
Moving out some non-critical bugs to v2.1.7.
> ATS does not allow password protected certificates
> --------------------------------------------------
>
> Key: TS-612
> URL: https://issues.apache.org/jira/browse/TS-612
> Project: Traffic Server
> Issue Type: Improvement
> Components: SSL
> Affects Versions: 2.1.4
> Environment: Any
> Reporter: Igor Galić
> Fix For: 2.1.7
>
>
> Create a (self-signed) certificate with a password that is non-empty. {cat server.key server.crt > server.pem} and configure it as
> {CONFIG proxy.config.ssl.server.cert.filename STRING server.pem}
> The result will be:
> {noformat}
> Jan 3 10:50:16 proveedores traffic_server[2579]: NOTE: --- Server Starting ---
> Jan 3 10:50:16 proveedores traffic_server[2579]: NOTE: Server Version: Apache Traffic Server - traffic_server - 2.0.1 - (build # 113112 on Dec 31 2010 at 12:58:34)
> Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} STATUS: opened var/log/trafficserver/diags.log
> Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: updated diags config
> Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: cache clustering disabled
> Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} WARNING: no cache disks specified in etc/trafficserver/storage.config: cache disabled
> Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: cache clustering disabled
> Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} WARNING: unable to open cache disk(s): Cache Disabled
> Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: SSL ERROR: Cannot use server private key file.
> Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: SSL::0:error:0906406D:PEM routines:PEM_def_callback:problems getting password:pem_lib.c:105:
> Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: SSL::0:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:406:
> Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: SSL::0:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
> Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: SSL ERROR: Can't initialize the SSL library, disabling SSL termination!.
> Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: logging initialized[7], logging_mode = 3
> Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: traffic server running
> {noformat}
> A first -- ugly -- shot would be to at least have a password field in the configuration.
> In the end something taking the input of an external program or from a file would be more desirable.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.