You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "James Peach (JIRA)" <ji...@apache.org> on 2012/07/24 07:19:35 UTC

[jira] [Created] (TS-1380) ssl wildcard lookup doesn't find the longest match

James Peach created TS-1380:
-------------------------------

             Summary: ssl wildcard lookup doesn't find the longest match
                 Key: TS-1380
                 URL: https://issues.apache.org/jira/browse/TS-1380
             Project: Traffic Server
          Issue Type: Bug
          Components: SSL
    Affects Versions: 3.2.0
            Reporter: James Peach
             Fix For: 3.3.0


Bug report from Todd Harpersberger: <http://mail-archives.apache.org/mod_mbox/trafficserver-users/201207.mbox/%3c91112f477153d56256ca116e9c198016@mail.gmail.com%3e>

Note that Todd states the *.mycompany.com certificate is always served. This should not happen because we always search for the *longest* wildcard match. 



--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (TS-1380) SSL wildcard lookup doesn't find the longest match

Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/TS-1380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13421619#comment-13421619 ] 

Leif Hedstrom commented on TS-1380:
-----------------------------------

Looks good, except passing in the strlen(reverse) + 1. From the IRC discussion, it seems this was not intended?
                
> SSL wildcard lookup doesn't find the longest match
> --------------------------------------------------
>
>                 Key: TS-1380
>                 URL: https://issues.apache.org/jira/browse/TS-1380
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 3.2.0
>            Reporter: James Peach
>            Assignee: James Peach
>             Fix For: 3.3.0
>
>
> Bug report from Todd Harpersberger: <http://mail-archives.apache.org/mod_mbox/trafficserver-users/201207.mbox/%3c91112f477153d56256ca116e9c198016@mail.gmail.com%3e>
> Note that Todd states the *.mycompany.com certificate is always served. This should not happen because we always search for the *longest* wildcard match. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (TS-1380) SSL wildcard lookup doesn't find the longest match

Posted by "James Peach (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/TS-1380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13421189#comment-13421189 ] 

James Peach commented on TS-1380:
---------------------------------

There's a bug in the Trie. If we have a previous match and it has the same rank as a subsequent match, then the Trie search will return the shorter of the two matches. This is not really desirable; we always want to use the longer match.
                
> SSL wildcard lookup doesn't find the longest match
> --------------------------------------------------
>
>                 Key: TS-1380
>                 URL: https://issues.apache.org/jira/browse/TS-1380
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 3.2.0
>            Reporter: James Peach
>             Fix For: 3.3.0
>
>
> Bug report from Todd Harpersberger: <http://mail-archives.apache.org/mod_mbox/trafficserver-users/201207.mbox/%3c91112f477153d56256ca116e9c198016@mail.gmail.com%3e>
> Note that Todd states the *.mycompany.com certificate is always served. This should not happen because we always search for the *longest* wildcard match. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (TS-1380) SSL wildcard lookup doesn't find the longest match

Posted by "James Peach (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/TS-1380?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Peach resolved TS-1380.
-----------------------------

    Resolution: Fixed
      Assignee: James Peach

758d8657b012a671940f54951d5c6bc3be6056ec TS-1380: SSL wildcard lookup doesn't find the longest match

                
> SSL wildcard lookup doesn't find the longest match
> --------------------------------------------------
>
>                 Key: TS-1380
>                 URL: https://issues.apache.org/jira/browse/TS-1380
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 3.2.0
>            Reporter: James Peach
>            Assignee: James Peach
>             Fix For: 3.3.0
>
>
> Bug report from Todd Harpersberger: <http://mail-archives.apache.org/mod_mbox/trafficserver-users/201207.mbox/%3c91112f477153d56256ca116e9c198016@mail.gmail.com%3e>
> Note that Todd states the *.mycompany.com certificate is always served. This should not happen because we always search for the *longest* wildcard match. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (TS-1380) SSL wildcard lookup doesn't find the longest match

Posted by "James Peach (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/TS-1380?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Peach updated TS-1380:
----------------------------

    Summary: SSL wildcard lookup doesn't find the longest match  (was: ssl wildcard lookup doesn't find the longest match)
    
> SSL wildcard lookup doesn't find the longest match
> --------------------------------------------------
>
>                 Key: TS-1380
>                 URL: https://issues.apache.org/jira/browse/TS-1380
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 3.2.0
>            Reporter: James Peach
>             Fix For: 3.3.0
>
>
> Bug report from Todd Harpersberger: <http://mail-archives.apache.org/mod_mbox/trafficserver-users/201207.mbox/%3c91112f477153d56256ca116e9c198016@mail.gmail.com%3e>
> Note that Todd states the *.mycompany.com certificate is always served. This should not happen because we always search for the *longest* wildcard match. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira