You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Susan Hinrichs (JIRA)" <ji...@apache.org> on 2015/05/17 19:36:00 UTC
[jira] [Resolved] (TS-3518) Multiple ssl_ca_name's in ssl_multicert
breaks all intermediate CAs
[ https://issues.apache.org/jira/browse/TS-3518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Susan Hinrichs resolved TS-3518.
--------------------------------
Resolution: Fixed
> Multiple ssl_ca_name's in ssl_multicert breaks all intermediate CAs
> -------------------------------------------------------------------
>
> Key: TS-3518
> URL: https://issues.apache.org/jira/browse/TS-3518
> Project: Traffic Server
> Issue Type: Bug
> Reporter: Thomas Jackson
> Assignee: Susan Hinrichs
> Fix For: 6.0.0
>
>
> In ssl_multicert you can specify multiple ssl_cert_name and ssl_key_name, such as:
> {code}
> dest_ip=127.0.0.2 ssl_cert_name=www.example.com.cert,www.example.com.ecdsa.cert ssl_key_name=www.example.com.key,www.example.com.ecdsa.key
> {code}
> Sometimes you need to specify an intermediate CA (a lot of the time TBH), which from the docs sounds like you should be able to do:
> {code}
> dest_ip=127.0.0.2 ssl_cert_name=www.example.com.cert,www.example.com.ecdsa.cert ssl_key_name=www.example.com.key,www.example.com.ecdsa.key ssl_ca_name=RSA_intermediate,ECDSA_intermediate
> {code}
> Since you can specify ssl_ca_name for single certs, similar to cert_name and key_name, but this currently doesn't work. In addition to not working for ECDSA this seems to actually break *all* intermediate CAs from being served. I've created a test case (https://github.com/apache/trafficserver/pull/186) which shows the issue.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)