You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Phil Sorber (JIRA)" <ji...@apache.org> on 2014/02/01 17:56:10 UTC
[jira] [Commented] (TS-2031) Two SSL certs with overlapping CNs
stomps over each other without warnings
[ https://issues.apache.org/jira/browse/TS-2031?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13888649#comment-13888649 ]
Phil Sorber commented on TS-2031:
---------------------------------
It sounds like this issue grew from the original complaint. I think we should split this into two Jira's. One with a fix that is adding only a warning. The other for change fiddles with the wildcard behavior. Keep the former in 4.2 and put the latter in 5.0.
Thoughts?
> Two SSL certs with overlapping CNs stomps over each other without warnings
> --------------------------------------------------------------------------
>
> Key: TS-2031
> URL: https://issues.apache.org/jira/browse/TS-2031
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Reporter: Leif Hedstrom
> Assignee: James Peach
> Priority: Minor
> Fix For: 4.2.0
>
> Attachments: TS-2031.diff
>
>
> If you have two certs that has the same CNs, the last one wins in the SNI negotiation. This even takes precedence over "assigned" IPs (SNI trumps IP). We should at least warn on this.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)