You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2014/02/25 18:12:19 UTC

[jira] [Commented] (TS-2563) Set the SSL default verify paths when ssl.client.verify.server=1

    [ https://issues.apache.org/jira/browse/TS-2563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13911730#comment-13911730 ] 

ASF subversion and git services commented on TS-2563:
-----------------------------------------------------

Commit a64033ad5d5e80489c89f0d1d478dedc8c9109c2 in trafficserver's branch refs/heads/master from [~sunwei]
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=a64033a ]

TS-2563: always set the SSL default verify paths

When working at reverse proxy mode with the following remap rule:

map https://xxx1.com https://xxx2.com
ssl.client.verify.server=1

If xxx2.com is providing trusted certificate and
'ssl.client.CA.cert.filename' is NULL, ats should be able to verify
the certificate in terms of the default provided CAs.


> Set the SSL default verify paths when ssl.client.verify.server=1
> ----------------------------------------------------------------
>
>                 Key: TS-2563
>                 URL: https://issues.apache.org/jira/browse/TS-2563
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Wei Sun
>            Assignee: James Peach
>             Fix For: 5.0.0
>
>         Attachments: TS-2563.diff
>
>
> When working at reverse proxy mode with the following remap rule:
> map https://xxx1.com https://xxx2.com
> ssl.client.verify.server=1
> If xxx2.com is providing trusted certificate and 'ssl.client.CA.cert.filename' is NULL, ats should be able to verify the certificate in terms of the default provided CAs.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)