Normalized the warning messages and included details on how the openssl check failed. Also adding the FQDN and address of the server to make it easier to determine which specific server is failing. If pristine host headers are used the SNI name is not sufficient to figure out which origin server is returning the bad cert. With these changes Dave Carlin was able to quickly identify problem origin's to track down.
Related to PR #4207 which corrects how the proxy.config.ssl.client.verify.server is interpreted. [ Full content available at: https://github.com/apache/trafficserver/pull/4216 ] This message was relayed via gitbox.apache.org for [email protected]
