You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2020/04/30 23:09:41 UTC
[GitHub] [trafficcontrol] ocket8888 opened a new issue #4677: atstccfg uses incorrect key/cert paths
ocket8888 opened a new issue #4677:
URL: https://github.com/apache/trafficcontrol/issues/4677
## I'm submitting a ...
- bug report
## Traffic Control components affected ...
- Traffic Ops ORT (atstccfg)
## Current behavior:
The locations for [keys](https://github.com/apache/trafficcontrol/blob/master/traffic_ops/ort/atstccfg/cfgfile/sslkeys.go#L65) and [certificates](https://github.com/apache/trafficcontrol/blob/master/traffic_ops/ort/atstccfg/cfgfile/sslkeys.go#L71) are currently hard-coded in atstccfg, and don't respect the `location` parameters.
## Expected / new behavior:
atstccfg should respect "location" parameters and output files with correct `Path` headers.
## Minimal reproduction of the problem with instructions:
Run atstccfg with your ssl_multicert's "location" parameter set to anything other than `/opt/trafficserver/etc/trafficserver/ssl/`.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] ocket8888 commented on issue #4677: atstccfg uses incorrect key/cert paths
Posted by GitBox <gi...@apache.org>.
ocket8888 commented on issue #4677:
URL: https://github.com/apache/trafficcontrol/issues/4677#issuecomment-622204075
Yeah, it's not a regression.
And that is where ATS will look. A smarter system could look at those instead, I certainly don't have a problem with that. But `location` parameters are how we typically handle that, and I know those Parameters exist in the default profiles (or did) because that's where I copied them from.
It just seems a bit inconsistent for this to not follow the same pattern as every other file. I hope in the future that `location` Parameters can be totally obliterated, and I'm on board if you wanna start that now, it just seems that a better time would be when ORT is rewritten.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] rob05c commented on issue #4677: atstccfg uses incorrect key/cert paths
Posted by GitBox <gi...@apache.org>.
rob05c commented on issue #4677:
URL: https://github.com/apache/trafficcontrol/issues/4677#issuecomment-622172887
This is how ORT has always done it: https://github.com/apache/trafficcontrol/blob/3.1.x/traffic_ops/bin/traffic_ops_ort.pl#L2949
I agree, it shouldn't be hard-coded. But, should it be the ssl_multicert.config location Parameter? Or should it be the `records.config `CONFIG proxy.config.ssl.server.cert.path` and `
CONFIG proxy.config.ssl.server.private_key.path` Parameters? The latter are where ATS will look for them, I believe.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] rob05c edited a comment on issue #4677: atstccfg uses incorrect key/cert paths
Posted by GitBox <gi...@apache.org>.
rob05c edited a comment on issue #4677:
URL: https://github.com/apache/trafficcontrol/issues/4677#issuecomment-622172887
This is how ORT has always done it: https://github.com/apache/trafficcontrol/blob/3.1.x/traffic_ops/bin/traffic_ops_ort.pl#L2949
I agree, it shouldn't be hard-coded. But, should it be the `ssl_multicert.config` `location` Parameter? Or should it be the `records.config `CONFIG proxy.config.ssl.server.cert.path` and `CONFIG proxy.config.ssl.server.private_key.path` Parameters? The latter are where ATS will look for them, I believe.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] rob05c edited a comment on issue #4677: atstccfg uses incorrect key/cert paths
Posted by GitBox <gi...@apache.org>.
rob05c edited a comment on issue #4677:
URL: https://github.com/apache/trafficcontrol/issues/4677#issuecomment-622172887
This is how ORT has always done it: https://github.com/apache/trafficcontrol/blob/3.1.x/traffic_ops/bin/traffic_ops_ort.pl#L2949
I agree, it shouldn't be hard-coded. But, should it be the `ssl_multicert.config` `location` Parameter? Or should it be the `records.config` `CONFIG proxy.config.ssl.server.cert.path` and `CONFIG proxy.config.ssl.server.private_key.path` Parameters? The latter are where ATS will look for them, I believe.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org