Posted to issues@trafficserver.apache.org by "Ethan Lai (JIRA)" <ji...@apache.org> on 2011/09/06 13:08:09 UTC
[jira] [Updated] (TS-944) ssl.server.cert.path & ssl.server.private_key.path do not work as expected
[ https://issues.apache.org/jira/browse/TS-944?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ethan Lai updated TS-944:
-------------------------
Description:
Weird behavior of ssl.server.cert.path & ssl.server.private_key.path
Test config1:
records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING /usr/local/etc/ats-cert
> CONFIG proxy.config.ssl.server.private_key.filename STRING cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING /usr/local/etc/ats-cert
ssl_multicert.config:
> dest_ip=172.16.192.168 ssl_cert_name=cert2.pem ssl_key_name=cert2.key
traffic.out:
> ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/usr/local/etc/ats-certcert2.pem','r')
My observation:
> *Trailing slash of ssl.server.cert.path not automatically added?*
Test config2:
records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING /usr/local/etc/ats-cert/
> CONFIG proxy.config.ssl.server.private_key.filename STRING cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING /usr/local/etc/ats-cert/
ssl_multicert.config:
> dest_ip=172.16.192.168 ssl_cert_name=cert2.pem ssl_key_name=cert2.key
traffic.out:
> ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/usr/local/etc/ats-certcert2.pem','r')
My observation:
> *Trailing slash of ssl.server.cert.path trimmed.*
Test config3:
records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING /usr/local/etc/ats-cert
> CONFIG proxy.config.ssl.server.private_key.filename STRING cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING /usr/local/etc/ats-cert
ssl_multicert.config:
> dest_ip=210.71.204.149 ssl_cert_name=/cert2.pem ssl_key_name=cert2.key
traffic.out:
> ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('cert2.key','r')
My observation:
> *ssl.server.private_key.path config value not effective?*
Test config4:
records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING /usr/local/etc/ats-cert/cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING NULL
> CONFIG proxy.config.ssl.server.private_key.filename STRING /usr/local/etc/ats-cert/cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING NULL
ssl_multicert.config:
> dest_ip=210.71.204.149 ssl_cert_name=/usr/local/etc/ats-cert/cert2.pem ssl_key_name=/usr/local/etc/ats-cert/cert2.key
traffic.out:
> ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/usr/local/usr/local/etc/ats-cert/cert2.pem','r')
My observation:
> *prefix added before ssl_cert_name while ssl.server.cert.path not set*
Test config5:
records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING /usr/local/etc/ats-cert/cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING NULL
> CONFIG proxy.config.ssl.server.private_key.filename STRING /usr/local/etc/ats-cert/cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING NULL
ssl_multicert.config:
> dest_ip=210.71.204.149 ssl_cert_name=/etc/ats-cert/cert2.pem ssl_key_name=/etc/ats-cert/cert2.key
traffic.out:
> ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/etc/ats-cert/cert2.key','r')
My observation:
> *prefix NOT added before ssl_key_name while ssl.server.private_key.path not set*
Working config:
records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING /usr/local/etc/ats-cert
> CONFIG proxy.config.ssl.server.private_key.filename STRING cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING /usr/local/etc/ats-cert
ssl_multicert.config:
> dest_ip=210.71.204.149 ssl_cert_name=/cert2.pem ssl_key_name=/usr/local/etc/ats-cert
It seems ssl.server.cert.path has different (and weird) behavior from ssl.server.private_key.path.
> ssl.server.cert.path & ssl.server.private_key.path do not work as expected
> --------------------------------------------------------------------------
>
> Key: TS-944
> URL: https://issues.apache.org/jira/browse/TS-944
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Affects Versions: 3.0.1
> Environment: CentOS 5.6
> TrafficServer 3.0.1
> Reporter: Ethan Lai
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
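An added example, not part of the original report and not Traffic Server code: a pre-flight check that lists every ssl_multicert.config entry whose path under the behaviour reported above differs from a separator-aware join. `reported_path` is a model inferred from the fopen() errors in Test config1 to config3 (it does not cover the extra prefix seen in Test config4), and `joined_path` is an assumed intended rule; all function names are hypothetical.

```python
import posixpath

PATH_KEYS = (("cert", "ssl_cert_name", "proxy.config.ssl.server.cert.path"),
             ("key", "ssl_key_name", "proxy.config.ssl.server.private_key.path"))

def parse_records(text):
    """Return {name: value} for 'CONFIG name TYPE value' lines; NULL means unset."""
    out = {}
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[0] == "CONFIG":
            value = parts[3].strip()
            out[parts[1]] = None if value == "NULL" else value
    return out

def parse_multicert(text):
    """Return one dict of key=value pairs per non-comment line."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rows.append(dict(t.split("=", 1) for t in line.split() if "=" in t))
    return rows

def reported_path(kind, base, name):
    """Model of the report: cert = trimmed dir + name (no separator), key = name alone."""
    if kind == "cert" and base:
        return base.rstrip("/") + name
    return name

def joined_path(base, name):
    """Assumed intended rule: absolute names stand alone, relative names go under base."""
    return posixpath.normpath(posixpath.join(base or "", name))

def audit(records_text, multicert_text):
    """List (dest_ip, kind, reported, joined) where the two rules disagree."""
    rec = parse_records(records_text)
    findings = []
    for row in parse_multicert(multicert_text):
        for kind, field, path_key in PATH_KEYS:
            if field in row:
                base = rec.get(path_key)
                got, want = reported_path(kind, base, row[field]), joined_path(base, row[field])
                if got != want:
                    findings.append((row.get("dest_ip"), kind, got, want))
    return findings

# Constructed input: the path settings and multicert line of Test config1.
RECORDS = """CONFIG proxy.config.ssl.server.cert.path STRING /usr/local/etc/ats-cert
CONFIG proxy.config.ssl.server.private_key.path STRING /usr/local/etc/ats-cert"""
MULTICERT = "dest_ip=172.16.192.168 ssl_cert_name=cert2.pem ssl_key_name=cert2.key"
```

An entry that appears in the findings depends on the reported quirk, so a workaround value such as `ssl_cert_name=/cert2.pem` would point at a different file once names are resolved with a proper join.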