You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2014/02/01 16:48:09 UTC

[jira] [Reopened] (TS-2031) Two SSL certs with overlapping CNs stomps over each other without warnings

     [ https://issues.apache.org/jira/browse/TS-2031?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom reopened TS-2031:
-------------------------------


I'm going to reopen this, since this actually (for me) breaks backwards compatibility. The ordering / priority of the certs has changed it seems. Lets leave this open, such that the community and Phil can decide if this should stay in v4.2.0 or move to 5.0.0.

> Two SSL certs with overlapping CNs stomps over each other without warnings
> --------------------------------------------------------------------------
>
>                 Key: TS-2031
>                 URL: https://issues.apache.org/jira/browse/TS-2031
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Leif Hedstrom
>            Assignee: James Peach
>            Priority: Minor
>             Fix For: 4.2.0
>
>         Attachments: TS-2031.diff
>
>
> If you have two certs that has the same CNs, the last one wins in the SNI negotiation. This even takes precedence over "assigned" IPs (SNI trumps IP). We should at least warn on this.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)