ssl.server.cert.path & ssl.server.private_key.path do not work as expected
--------------------------------------------------------------------------

                 Key: TS-944
                 URL: https://issues.apache.org/jira/browse/TS-944
             Project: Traffic Server
          Issue Type: Bug
          Components: SSL
    Affects Versions: 3.0.1
         Environment: CentOS 5.6
                      TrafficServer 3.0.1
            Reporter: Ethan Lai


Weird behavior of ssl.server.cert.path & ssl.server.private_key.path

Test config1:

records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING /usr/local/etc/ats-cert
> CONFIG proxy.config.ssl.server.private_key.filename STRING cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING /usr/local/etc/ats-cert

ssl_multicert.config:
> dest_ip=172.16.192.168  ssl_cert_name=cert2.pem ssl_key_name=cert2.key


traffic.out:
> ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/usr/local/etc/ats-certcert2.pem','r')

My observation:
> *Trailing slash of ssl.server.cert.path not automatically added?*




Test config2:

records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING /usr/local/etc/ats-cert/
> CONFIG proxy.config.ssl.server.private_key.filename STRING cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING /usr/local/etc/ats-cert/

ssl_multicert.config:
> dest_ip=172.16.192.168  ssl_cert_name=cert2.pem ssl_key_name=cert2.key


traffic.out:
> ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/usr/local/etc/ats-certcert2.pem','r')

My observation:
> *Trailing slash of ssl.server.cert.path trimmed.*




Test config3:

records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING /usr/local/etc/ats-cert
> CONFIG proxy.config.ssl.server.private_key.filename STRING cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING /usr/local/etc/ats-cert

ssl_multicert.config:
> dest_ip=210.71.204.149  ssl_cert_name=/cert2.pem ssl_key_name=cert2.key


traffic.out:
> ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('cert2.key','r')

My observation:
> *ssl.server.private_key.path config value not effective?*





Test config4:

records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING /usr/local/etc/ats-cert/cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING NULL
> CONFIG proxy.config.ssl.server.private_key.filename STRING /usr/local/etc/ats-cert/cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING NULL

ssl_multicert.config:
> dest_ip=210.71.204.149  ssl_cert_name=/usr/local/etc/ats-cert/cert2.pem ssl_key_name=/usr/local/etc/ats-cert/cert2.key


traffic.out:
> ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/usr/local/usr/local/etc/ats-cert/cert2.pem','r')

My observation:
> *Prefix added before ssl_cert_name while ssl.server.cert.path is not set.*




Test config5:

records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING /usr/local/etc/ats-cert/cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING NULL
> CONFIG proxy.config.ssl.server.private_key.filename STRING /usr/local/etc/ats-cert/cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING NULL

ssl_multicert.config:
> dest_ip=210.71.204.149  ssl_cert_name=/etc/ats-cert/cert2.pem ssl_key_name=/etc/ats-cert/cert2.key


traffic.out:
> ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/etc/ats-cert/cert2.key','r')

My observation:
> *Prefix NOT added before ssl_key_name while ssl.server.private_key.path is not set.*




Working config:

records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING /usr/local/etc/ats-cert
> CONFIG proxy.config.ssl.server.private_key.filename STRING cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING /usr/local/etc/ats-cert

ssl_multicert.config:
> dest_ip=210.71.204.149  ssl_cert_name=/cert2.pem ssl_key_name=/usr/local/etc/ats-cert

It seems ssl.server.cert.path has different (and weird) behavior from 
ssl.server.private_key.path.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
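
An added example, not part of the original report and not Traffic Server code: one consistent way to resolve a certificate or key name against a configured directory, so that both settings follow the same rule. The helper name `resolve_ssl_path`, its rules and the fallback directory `/opt/example/etc` are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>

// Hypothetical helper, not Traffic Server code. One rule for both the
// certificate and the private key:
//   - an absolute name is used as-is and the directory is ignored
//   - an unset directory ("" or the records.config literal NULL) falls back
//     to default_dir, so a bare name is never opened relative to the CWD
//   - exactly one '/' separates directory and name
std::string resolve_ssl_path(const std::string &dir, const std::string &name,
                             const std::string &default_dir)
{
  if (!name.empty() && name[0] == '/') {
    return name;
  }
  std::string base = (dir.empty() || dir == "NULL") ? default_dir : dir;
  while (!base.empty() && base.back() == '/') {
    base.pop_back(); // "/dir/" and "/dir" resolve identically
  }
  return base + "/" + name;
}

int main()
{
  // Constructed placeholder for the fallback directory (an assumption).
  const std::string fallback = "/opt/example/etc";
  // Directory and name values taken from the test configs in the report.
  const char *cases[][2] = {
    {"/usr/local/etc/ats-cert", "cert2.pem"},
    {"/usr/local/etc/ats-cert/", "cert2.pem"},
    {"/usr/local/etc/ats-cert", "cert2.key"},
    {"NULL", "/usr/local/etc/ats-cert/cert2.pem"},
    {"NULL", "/etc/ats-cert/cert2.key"},
  };
  for (const auto &c : cases) {
    std::cout << c[0] << " + " << c[1] << " -> "
              << resolve_ssl_path(c[0], c[1], fallback) << "\n";
  }
  return 0;
}
```

Under this rule a name such as `/cert2.pem` is treated as absolute, so it is not joined under the configured directory.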

        
