SSL Termination not working
---------------------------
Key: TS-405
URL: https://issues.apache.org/jira/browse/TS-405
Project: Traffic Server
Issue Type: Bug
Components: Core
Affects Versions: 2.1.1
Environment: Red Hat Enterprise Linux AS release 4 (Nahant Update 6) - x86_64
Reporter: Anirban Roy
Turned on SSL termination with Apache TS-2.1.1 (proxy.config.ssl.enabled) with
other config options left as the default settings. The package is shipped with
a certificate (server.pm) which is used for the SSL session. With this default
setting, the SSL termination does not seem to work. See the error below -
[anirb...@llf531136 trafficserver]$ https_proxy=localhost:443 wget -d
--no-check-certificate https://login/yahoo.com
Setting --check-certificate (checkcertificate) to 0
DEBUG output created by Wget 1.10.2 (Red Hat modified) on linux-gnu.
--11:24:41-- https://login/yahoo.com
=> `yahoo.com'
Resolving localhost... 127.0.0.1
Caching localhost => 127.0.0.1
Connecting to localhost|127.0.0.1|:443... connected.
Created socket 3.
Releasing 0x0000000000552380 (new refcount 1).
---request begin---
CONNECT login:443 HTTP/1.0
User-Agent: Wget/1.10.2 (Red Hat modified)
---request end---
Failed reading proxy response: Connection reset by peer
Closed fd 3
Retrying.
==========================================================================================
syslog output
==========================================================================================
[anirb...@llf531136 ats-test]$ tail -f /var/log/messages | grep traffic
Jul 27 11:02:22 llf531136 traffic_manager[20264]: {182924636832} ERROR: (last
system error 9: Bad file descriptor)
Jul 27 11:24:18 llf531136 traffic_cop[25036]: --- Cop Starting [Version: Apache
Traffic Server - traffic_cop - 2.1.1-unstable - (build # 62010 on Jul 20 2010
at 10:17:13)] ---
Jul 27 11:24:18 llf531136 traffic_cop[25036]: traffic_manager not running,
making sure traffic_server is dead
Jul 27 11:24:18 llf531136 traffic_cop[25036]: spawning traffic_manager
Jul 27 11:24:18 llf531136 traffic_manager[25037]: NOTE: --- Manager Starting ---
Jul 27 11:24:18 llf531136 traffic_manager[25037]: NOTE: Manager Version: Apache
Traffic Server - traffic_manager - 2.1.1-unstable - (build # 62010 on Jul 20
2010 at 10:17:39)
Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE: updated
diags config
Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE:
[Rollback::openFile] Open of cache.config failed: Permission denied
Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE:
[Rollback::Rollback] Config file is read-only : cache.config
Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE:
[ClusterCom::ClusterCom] Node running on OS: 'Linux' Release:
'2.6.9-67.0.22.ELsmp'
Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE:
[LocalManager::listenForProxy] Listening on port: 8085
Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE:
[LocalManager::listenForProxy] Listening on port: 443
Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE:
[TrafficManager] Setup complete
Jul 27 11:24:19 llf531136 traffic_manager[25037]: {182924636832} NOTE:
[LocalManager::startProxy] Launching ts process
Jul 27 11:24:19 llf531136 traffic_manager[25037]: {182924636832} NOTE:
[LocalManager::pollMgmtProcessServer] New process connecting fd '10'
Jul 27 11:24:19 llf531136 traffic_manager[25037]: {182924636832} NOTE:
[Alarms::signalAlarm] Server Process born
Jul 27 11:24:20 llf531136 traffic_server[25049]: NOTE: --- Server Starting ---
Jul 27 11:24:20 llf531136 traffic_server[25049]: NOTE: Server Version: Apache
Traffic Server - traffic_server - 2.1.1-unstable - (build # 62010 on Jul 20
2010 at 10:17:53)
Jul 27 11:24:20 llf531136 traffic_server[25049]: {182924636544} NOTE: updated
diags config
Jul 27 11:24:20 llf531136 traffic_server[25049]: {182924636544} NOTE: cache
clustering disabled
Jul 27 11:24:20 llf531136 traffic_server[25049]: {182924636544} NOTE: cache
clustering disabled
Jul 27 11:24:20 llf531136 traffic_server[25049]: {182924636544} NOTE: logging
initialized[7], logging_mode = 3
Jul 27 11:24:20 llf531136 traffic_server[25049]: {182924636544} NOTE: traffic
server running
Jul 27 11:24:32 llf531136 traffic_server[25049]: {1095842144} NOTE: cache
enabled
Jul 27 11:24:41 llf531136 traffic_server[25049]: {1140050272} ERROR: SSL ERROR:
SSL_ServerHandShake.
Jul 27 11:24:41 llf531136 traffic_server[25049]: {1140050272} ERROR:
SSL::39:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy
request:s23_srvr.c:402:
Jul 27 11:24:42 llf531136 traffic_server[25049]: {1137944928} ERROR: SSL ERROR:
SSL_ServerHandShake.
Jul 27 11:24:42 llf531136 traffic_server[25049]: {1137944928} ERROR:
SSL::37:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy
request:s23_srvr.c:402:
Jul 27 11:24:44 llf531136 traffic_server[25049]: {1142155616} ERROR: SSL ERROR:
SSL_ServerHandShake.
Jul 27 11:24:44 llf531136 traffic_server[25049]: {1142155616} ERROR:
SSL::41:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy
request:s23_srvr.c:402:
==========================================================================================
traffic.out output
==========================================================================================
[E. Mgmt] log ==> [TrafficManager] using root directory
'/export/crawlspace/packages/ats-2.1.1'
[Jul 27 11:24:18.353] {182924636832} STATUS: opened
/export/crawlspace/packages/ats-2.1.1/var/log/trafficserver/manager.log
[TrafficServer] using root directory '/export/crawlspace/packages/ats-2.1.1'
[Jul 27 11:24:20.506] {182924636544} STATUS: opened
/export/crawlspace/packages/ats-2.1.1/var/log/trafficserver/diags.log
[Jul 27 11:24:41.676] Server {1140050272} ERROR: SSL ERROR: SSL_ServerHandShake.
[Jul 27 11:24:41.676] Server {1140050272} ERROR: SSL::39:error:1407609B:SSL
routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:402:
[Jul 27 11:24:42.679] Server {1137944928} ERROR: SSL ERROR: SSL_ServerHandShake.
[Jul 27 11:24:42.679] Server {1137944928} ERROR: SSL::37:error:1407609B:SSL
routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:402:
[Jul 27 11:24:44.681] Server {1142155616} ERROR: SSL ERROR: SSL_ServerHandShake.
[Jul 27 11:24:44.681] Server {1142155616} ERROR: SSL::41:error:1407609B:SSL
routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:402:
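
The OpenSSL error entries in the logs above can be unpacked, and the first bytes a TLS listener received can be classified, as sketched below. This is an added example, not part of the original report and not Traffic Server or OpenSSL code; the function names are hypothetical, and the 8/12/12-bit split assumes the packed error-code layout of OpenSSL 1.x and earlier.

```python
import re

# OpenSSL error-queue entry as logged:
#   error:<packed hex code>:<library>:<function>:<reason>:<file>:<line>:
ERR_RE = re.compile(
    r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^:]+):([^:\s]+):(\d+):")

def unwrap(lines):
    """Rejoin mail-wrapped log lines; the wraps in the report fall on spaces."""
    return " ".join(line.strip() for line in lines)

def decode(code_hex):
    """Split a packed error code into (library, function, reason) numbers.
    Assumes the OpenSSL 1.x-and-earlier layout: 8 / 12 / 12 bits."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def parse_errors(text):
    """Return one dict per OpenSSL error entry found in the text."""
    found = []
    for m in ERR_RE.finditer(text):
        lib, func, reason = decode(m.group(1))
        found.append({"lib": lib, "func": func, "reason": reason,
                      "func_name": m.group(3), "reason_text": m.group(4),
                      "source": f"{m.group(5)}:{m.group(6)}"})
    return found

def classify_first_bytes(data):
    """Label what a TLS listener was sent, judged by the first bytes."""
    if data[:2] == b"\x16\x03":
        return "tls-handshake"            # TLS record: handshake, version 3.x
    if data.startswith(b"CONNECT"):
        return "plaintext-proxy-connect"  # proxy tunnel request, unencrypted
    if data.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ")):
        return "plaintext-http"
    return "unknown"

# Two lines copied from the traffic.out excerpt in the report, still wrapped.
SAMPLE_LOG = [
    "[Jul 27 11:24:41.676] Server {1140050272} ERROR: SSL::39:error:1407609B:SSL",
    "routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:402:",
]
# First line of the request wget logged between its request begin/end markers.
SAMPLE_REQUEST = b"CONNECT login:443 HTTP/1.0\r\n"

if __name__ == "__main__":
    for err in parse_errors(unwrap(SAMPLE_LOG)):
        print(err)
    print(classify_first_bytes(SAMPLE_REQUEST))
```

Library 20 is OpenSSL's SSL library, matching the "SSL routines" text; the reason text "https proxy request" alongside the CONNECT classification shows the listener on port 443 was sent an unencrypted proxy request where it expected a ClientHello.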