ssl support issue

[mahakala <ma...@gmail.com>]

hi,all
When we configure the ssl support in TrafficServer, in runtime, it log "No
such file or directory:bss_file.c" in background, we had openssl &
openssl-devel installed. Would you help us to figure this out? Thanks very
much.

Mahakala Dubias

Re: ssl support issue

[mahakala <ma...@gmail.com>]

hi, Eric
We have configure the records.config, in the error message, I think it maybe
is the relative path problem.
[Nov 23 10:58:07.967] Server {3086854784} ERROR:
SSL::0:error:02001002:system library:fopen:No such file or
directory:bss_file.c:259:fopen('./usr/local/etc/trafficserver/cert/server.crt','r')

And Can I bind the ssl support service to a certain ip address?Thanks.

Bing Han

records.config:

CONFIG proxy.config.ssl.enabled INT 1
CONFIG proxy.config.ssl.accelerator_required INT 0
CONFIG proxy.config.ssl.SSLv2 INT 1
CONFIG proxy.config.ssl.SSLv3 INT 1
CONFIG proxy.config.ssl.TLSv1 INT 1
CONFIG proxy.config.ssl.accelerator.type INT 0
CONFIG proxy.config.ssl.atalla.lib.path STRING /opt/atalla/lib
CONFIG proxy.config.ssl.ncipher.lib.path STRING /opt/nfast/toolkits/hwcrhk
CONFIG proxy.config.ssl.cswift.lib.path STRING /usr/lib
CONFIG proxy.config.ssl.server_port INT 4430
CONFIG proxy.config.ssl.client.certification_level INT 0
CONFIG proxy.config.ssl.server.cert.filename STRING server.crt
CONFIG proxy.config.ssl.server.cert_chain.filename STRING NULL
CONFIG proxy.config.ssl.server.cert.path STRING
/usr/local/etc/trafficserver/cert
CONFIG proxy.config.ssl.server.private_key.filename STRING server.key
CONFIG proxy.config.ssl.server.private_key.path STRING
/usr/local/etc/trafficserver/cert
CONFIG proxy.config.ssl.CA.cert.filename STRING NULL
CONFIG proxy.config.ssl.CA.cert.path STRING NULL
CONFIG proxy.config.ssl.client.verify.server INT 0
CONFIG proxy.config.ssl.client.cert.filename STRING NULL
CONFIG proxy.config.ssl.client.cert.path STRING NULL
CONFIG proxy.config.ssl.client.private_key.filename STRING NULL
CONFIG proxy.config.ssl.client.private_key.path STRING NULL
CONFIG proxy.config.ssl.client.CA.cert.filename STRING NULL
CONFIG proxy.config.ssl.client.CA.cert.path STRING NULL

traffice server  stdout :
[Nov 23 10:58:07.966] Server {3086854784} ERROR: SSL ERROR: Cannot use
server certificate file.
[Nov 23 10:58:07.967] Server {3086854784} ERROR:
SSL::0:error:02001002:system library:fopen:No such file or
directory:bss_file.c:259:fopen('./usr/local/etc/trafficserver/cert/server.crt','r')
[Nov 23 10:58:07.967] Server {3086854784} ERROR: SSL::0:error:20074002:BIO
routines:FILE_CTRL:system lib:bss_file.c:261:
[Nov 23 10:58:07.967] Server {3086854784} ERROR: SSL::0:error:140AD002:SSL
routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:513:
[Nov 23 10:58:07.967] Server {3086854784} ERROR: SSL ERROR: Can't initialize
the SSL library, disabling SSL termination!.


On Mon, Nov 23, 2009 at 10:30 AM, Eric Balsa <er...@apache.org> wrote:

> Did you specify your certificate in records.config? That error is from
> openssl, not TS.
>
> Did you take a look at:
> http://incubator.apache.org/trafficserver/docs/admin/secure.htm ?
>
> --Eric
>
> On Sun, Nov 22, 2009 at 5:41 PM, mahakala <ma...@gmail.com> wrote:
> > hi,all
> > When we configure the ssl support in TrafficServer, in runtime, it log
> "No
> > such file or directory:bss_file.c" in background, we had openssl &
> > openssl-devel installed. Would you help us to figure this out? Thanks
> very
> > much.
> >
> > Mahakala Dubias
> >
>

Re: ssl support issue

[Eric Balsa <er...@apache.org>]

Did you specify your certificate in records.config? That error is from
openssl, not TS.

Did you take a look at:
http://incubator.apache.org/trafficserver/docs/admin/secure.htm ?

--Eric

On Sun, Nov 22, 2009 at 5:41 PM, mahakala <ma...@gmail.com> wrote:
> hi,all
> When we configure the ssl support in TrafficServer, in runtime, it log "No
> such file or directory:bss_file.c" in background, we had openssl &
> openssl-devel installed. Would you help us to figure this out? Thanks very
> much.
>
> Mahakala Dubias
>