You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "David Carlin (JIRA)" <ji...@apache.org> on 2012/07/04 00:56:34 UTC
[jira] [Created] (TS-1332) "ERROR: Cannot insert duplicate!" when
SSL cert has same domain in CN and SAN
David Carlin created TS-1332:
--------------------------------
Summary: "ERROR: Cannot insert duplicate!" when SSL cert has same domain in CN and SAN
Key: TS-1332
URL: https://issues.apache.org/jira/browse/TS-1332
Project: Traffic Server
Issue Type: Bug
Components: SSL
Affects Versions: 3.2.0
Environment: ATS 3.2.0 RHEL 6.2 64-bit
Reporter: David Carlin
Priority: Minor
I see the following error when starting ATS:
[Jul 3 22:09:23.878] Server {0x2b2f97c6b860} ERROR: Cannot insert duplicate!
bcall helped me figure out what the problem is by looking through the source; apparently this error message occurs when the SSL certificate is loaded. Its caused because the same domain appears in the CN and the SAN of the cert.
There was a relevant discussion between jpeach/bcall/zwoop on #traffic-server June 15th ~3PM PST if you guys keep IRC logs. Lots of further troubleshooting in there.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (TS-1332) "ERROR: Cannot insert duplicate!" when
SSL cert has same domain in CN and SAN
Posted by "James Peach (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13406261#comment-13406261 ]
James Peach commented on TS-1332:
---------------------------------
IIRC this is harmless. As you point out, it will happen when the certificate's subject also appears in the SNI host name list. I'll take this bug you double-check and drop the log level of the message.
> "ERROR: Cannot insert duplicate!" when SSL cert has same domain in CN and SAN
> -----------------------------------------------------------------------------
>
> Key: TS-1332
> URL: https://issues.apache.org/jira/browse/TS-1332
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Affects Versions: 3.2.0
> Environment: ATS 3.2.0 RHEL 6.2 64-bit
> Reporter: David Carlin
> Priority: Minor
>
> I see the following error when starting ATS:
> [Jul 3 22:09:23.878] Server {0x2b2f97c6b860} ERROR: Cannot insert duplicate!
> bcall helped me figure out what the problem is by looking through the source; apparently this error message occurs when the SSL certificate is loaded. Its caused because the same domain appears in the CN and the SAN of the cert.
> There was a relevant discussion between jpeach/bcall/zwoop on #traffic-server June 15th ~3PM PST if you guys keep IRC logs. Lots of further troubleshooting in there.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (TS-1332) "ERROR: Cannot insert duplicate!" when
SSL cert has same domain in CN and SAN
Posted by "Igor Galić (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Igor Galić updated TS-1332:
---------------------------
Backport to Version: (was: 3.2.1)
> "ERROR: Cannot insert duplicate!" when SSL cert has same domain in CN and SAN
> -----------------------------------------------------------------------------
>
> Key: TS-1332
> URL: https://issues.apache.org/jira/browse/TS-1332
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Affects Versions: 3.2.0
> Environment: ATS 3.2.0 RHEL 6.2 64-bit
> Reporter: David Carlin
> Assignee: James Peach
> Priority: Minor
> Fix For: 3.3.0
>
>
> I see the following error when starting ATS:
> [Jul 3 22:09:23.878] Server {0x2b2f97c6b860} ERROR: Cannot insert duplicate!
> bcall helped me figure out what the problem is by looking through the source; apparently this error message occurs when the SSL certificate is loaded. Its caused because the same domain appears in the CN and the SAN of the cert.
> There was a relevant discussion between jpeach/bcall/zwoop on #traffic-server June 15th ~3PM PST if you guys keep IRC logs. Lots of further troubleshooting in there.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (TS-1332) "ERROR: Cannot insert duplicate!" when
SSL cert has same domain in CN and SAN
Posted by "James Peach (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13406262#comment-13406262 ]
James Peach commented on TS-1332:
---------------------------------
NOTE: need to verify whether inserting duplicates can cause a memory leak can plug if it can ...
> "ERROR: Cannot insert duplicate!" when SSL cert has same domain in CN and SAN
> -----------------------------------------------------------------------------
>
> Key: TS-1332
> URL: https://issues.apache.org/jira/browse/TS-1332
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Affects Versions: 3.2.0
> Environment: ATS 3.2.0 RHEL 6.2 64-bit
> Reporter: David Carlin
> Assignee: James Peach
> Priority: Minor
>
> I see the following error when starting ATS:
> [Jul 3 22:09:23.878] Server {0x2b2f97c6b860} ERROR: Cannot insert duplicate!
> bcall helped me figure out what the problem is by looking through the source; apparently this error message occurs when the SSL certificate is loaded. Its caused because the same domain appears in the CN and the SAN of the cert.
> There was a relevant discussion between jpeach/bcall/zwoop on #traffic-server June 15th ~3PM PST if you guys keep IRC logs. Lots of further troubleshooting in there.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (TS-1332) "ERROR: Cannot insert duplicate!" when
SSL cert has same domain in CN and SAN
Posted by "James Peach (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Peach resolved TS-1332.
-----------------------------
Resolution: Fixed
Fix Version/s: 3.3.0
b512fef TS-1332: Silence spurious error when adding SSL certificates with alternate names
> "ERROR: Cannot insert duplicate!" when SSL cert has same domain in CN and SAN
> -----------------------------------------------------------------------------
>
> Key: TS-1332
> URL: https://issues.apache.org/jira/browse/TS-1332
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Affects Versions: 3.2.0
> Environment: ATS 3.2.0 RHEL 6.2 64-bit
> Reporter: David Carlin
> Assignee: James Peach
> Priority: Minor
> Fix For: 3.3.0
>
>
> I see the following error when starting ATS:
> [Jul 3 22:09:23.878] Server {0x2b2f97c6b860} ERROR: Cannot insert duplicate!
> bcall helped me figure out what the problem is by looking through the source; apparently this error message occurs when the SSL certificate is loaded. Its caused because the same domain appears in the CN and the SAN of the cert.
> There was a relevant discussion between jpeach/bcall/zwoop on #traffic-server June 15th ~3PM PST if you guys keep IRC logs. Lots of further troubleshooting in there.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (TS-1332) "ERROR: Cannot insert duplicate!" when
SSL cert has same domain in CN and SAN
Posted by "Igor Galić (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Igor Galić updated TS-1332:
---------------------------
Backport to Version: 3.2.1
> "ERROR: Cannot insert duplicate!" when SSL cert has same domain in CN and SAN
> -----------------------------------------------------------------------------
>
> Key: TS-1332
> URL: https://issues.apache.org/jira/browse/TS-1332
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Affects Versions: 3.2.0
> Environment: ATS 3.2.0 RHEL 6.2 64-bit
> Reporter: David Carlin
> Assignee: James Peach
> Priority: Minor
> Fix For: 3.3.0
>
>
> I see the following error when starting ATS:
> [Jul 3 22:09:23.878] Server {0x2b2f97c6b860} ERROR: Cannot insert duplicate!
> bcall helped me figure out what the problem is by looking through the source; apparently this error message occurs when the SSL certificate is loaded. Its caused because the same domain appears in the CN and the SAN of the cert.
> There was a relevant discussion between jpeach/bcall/zwoop on #traffic-server June 15th ~3PM PST if you guys keep IRC logs. Lots of further troubleshooting in there.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (TS-1332) "ERROR: Cannot insert duplicate!" when
SSL cert has same domain in CN and SAN
Posted by "James Peach (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Peach reassigned TS-1332:
-------------------------------
Assignee: James Peach
> "ERROR: Cannot insert duplicate!" when SSL cert has same domain in CN and SAN
> -----------------------------------------------------------------------------
>
> Key: TS-1332
> URL: https://issues.apache.org/jira/browse/TS-1332
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Affects Versions: 3.2.0
> Environment: ATS 3.2.0 RHEL 6.2 64-bit
> Reporter: David Carlin
> Assignee: James Peach
> Priority: Minor
>
> I see the following error when starting ATS:
> [Jul 3 22:09:23.878] Server {0x2b2f97c6b860} ERROR: Cannot insert duplicate!
> bcall helped me figure out what the problem is by looking through the source; apparently this error message occurs when the SSL certificate is loaded. Its caused because the same domain appears in the CN and the SAN of the cert.
> There was a relevant discussion between jpeach/bcall/zwoop on #traffic-server June 15th ~3PM PST if you guys keep IRC logs. Lots of further troubleshooting in there.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira