You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/11/17 22:01:01 UTC

[jira] [Work logged] (TS-5022) Multiple Client Certificate to Origin

     [ https://issues.apache.org/jira/browse/TS-5022?focusedWorklogId=32162&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-32162 ]

ASF GitHub Bot logged work on TS-5022:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 17/Nov/16 22:00
            Start Date: 17/Nov/16 22:00
    Worklog Time Spent: 10m 
      Work Description: GitHub user persiaAziz opened a pull request:

    https://github.com/apache/trafficserver/pull/1226

    TS-5022: Allow multiple client cert for ATS

    Allow ATS to choose the certificate to use while making ssl connection with an origin server. Remap plugin can set "proxy.config.ssl.client.cert.path" and "proxy.config.ssl.client.cert.filename" which are overridable configs now. This code has been tested with [microserver](https://bitbucket.org/persiaAziz/ats_tests/src/23ed086bfb426761d8836d282cbb7c2327e5d0ab/tests/tools/microServer?at=microserver) 


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/persiaAziz/trafficserver TS-5022

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/trafficserver/pull/1226.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1226
    
----
commit 0122ed112a4d52e9ae6cdd97b7d3e1d71efb9454
Author: Persia Aziz <pe...@yahoo-inc.com>
Date:   2016-11-14T17:51:27Z

    TS-5022: Allow multiple client cert for ATS

----


Issue Time Tracking
-------------------

            Worklog Id:     (was: 32162)
            Time Spent: 10m
    Remaining Estimate: 0h

> Multiple Client Certificate to Origin
> -------------------------------------
>
>                 Key: TS-5022
>                 URL: https://issues.apache.org/jira/browse/TS-5022
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Security, SSL, TLS
>            Reporter: Scott Beardsley
>            Assignee: Syeda Persia Aziz
>              Labels: yahoo
>             Fix For: 7.1.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Yahoo has a use case where the origin is doing mutual TLS authentication which requires ATS to send a client certificate. This works fine (for now) because ATS supports configuring *one* client cert but this feature should really allow multiple client certificates to be configured which would depend upon the origin being contacted.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)