[jira] [Updated] (TS-612) ATS does not allow password protected certificates

[Leif Hedstrom (Updated) (JIRA)]

     [ 
https://issues.apache.org/jira/browse/TS-612?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Leif Hedstrom updated TS-612:
-----------------------------

    Fix Version/s:     (was: 3.1.2)
                   3.1.3

I'm moving all 3.1.2 bugs out to 3.1.3, and we can move some 3.1.1 bugs out to 
3.1.2, to get some release action going.
                
> ATS does not allow password protected certificates
> --------------------------------------------------
>
>                 Key: TS-612
>                 URL: https://issues.apache.org/jira/browse/TS-612
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: SSL
>    Affects Versions: 2.1.4
>         Environment: Any
>            Reporter: Igor Galić
>             Fix For: 3.1.3
>
>
> Create a (self-signed) certificate with a password that is non-empty. {cat 
> server.key server.crt > server.pem} and configure it as
> {CONFIG proxy.config.ssl.server.cert.filename STRING server.pem}
> The result will be:
> {noformat}
> Jan  3 10:50:16 proveedores traffic_server[2579]: NOTE: --- Server Starting 
> ---
> Jan  3 10:50:16 proveedores traffic_server[2579]: NOTE: Server Version: 
> Apache Traffic Server - traffic_server - 2.0.1 - (build # 113112 on Dec 31 
> 2010 at 12:58:34)
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} STATUS: opened 
> var/log/trafficserver/diags.log
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: updated 
> diags config
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: cache 
> clustering disabled
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} WARNING: no 
> cache disks specified in etc/trafficserver/storage.config: cache disabled
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: cache 
> clustering disabled
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} WARNING: 
> unable to open cache disk(s): Cache Disabled
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: SSL 
> ERROR: Cannot use server private key file.
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: 
> SSL::0:error:0906406D:PEM routines:PEM_def_callback:problems getting 
> password:pem_lib.c:105:
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: 
> SSL::0:error:0906A068:PEM routines:PEM_do_header:bad password 
> read:pem_lib.c:406:
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: 
> SSL::0:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM 
> lib:ssl_rsa.c:669:
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: SSL 
> ERROR: Can't initialize the SSL library, disabling SSL termination!.
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: logging 
> initialized[7], logging_mode = 3
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: traffic 
> server running
> {noformat}
> A first -- ugly -- shot would be to at least have a password field in the 
> configuration.
> In the end something taking the input of an external program or from a file 
> would be more desirable.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira