[ 
https://issues.apache.org/jira/browse/TS-1930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13670441#comment-13670441
 ] 

Leif Hedstrom commented on TS-1930:
-----------------------------------

So, figured out what happens (thanks James for the hints): We do have the 
global (records.config) setting of
{code}
   # This is the path that SSL certificates files are relative to. Certificate
   # names specified in ssl_multicert.config will be located relative to this path.
CONFIG proxy.config.ssl.server.cert_chain.filename STRING NULL
{code}

However, the help text here is confusing. What this really does is to attach 
this "global cert chain" to all certificates as specified in 
ssl_multicert.config. As a side effect, if there are no certs in 
ssl_multicert.config, the cert_chain.filename above is never loaded.

I don't know how useful it is to keep this functionality, so seeking input on 
that. I have two possible solutions:

1) We change the names and help text for this config, to indicate what it 
really does (which is to "augment" the certs as specified in 
ssl_multicert.config). And of course, update the docs accordingly. My confusion 
upon looking at this was that I thought this was still a "global" cert used in 
the absence of a matching ssl_multicert.config, which is not the case at all.

2) We nuke this config entirely.


Alan and Igor, any thoughts?

                
> Remove unused SSL configurations
> --------------------------------
>
>                 Key: TS-1930
>                 URL: https://issues.apache.org/jira/browse/TS-1930
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: SSL
>            Reporter: Leif Hedstrom
>            Assignee: Leif Hedstrom
>             Fix For: 3.3.3
>
>
> As far as I can tell, the only way to configure SSL certificates now is 
> through the ssl_multicert.config file (Thanks James for the pointer, I had 
> forgotten about that already :).
> I suggest that we remove the unused / obsoleted configuration options from 
> records.config.default.in and mgmt/RecordsConfig.cc. We should also add 
> something to the CWiki to remind people upgrading to v3.4 that this is the 
> case.
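
A configuration check for the behaviour described in the comment above, as an added example that is not part of the original message or of Traffic Server's code: it reports when the records.config chain setting is set but never loaded because ssl_multicert.config has no certificate entries. It assumes ssl_multicert.config entries are whitespace-separated key=value pairs carrying an ssl_cert_name field; the function names and sample file contents are constructed for illustration.

```python
import shlex

CHAIN_KEY = "proxy.config.ssl.server.cert_chain.filename"

def read_chain_setting(records_text):
    """Return the configured chain filename, or None if unset or NULL."""
    value = None
    for line in records_text.splitlines():
        fields = line.split()
        # Expected form: CONFIG <name> <type> <value>; '#' lines never match.
        if len(fields) >= 4 and fields[0] == "CONFIG" and fields[1] == CHAIN_KEY:
            value = None if fields[3] == "NULL" else fields[3]
    return value

def read_multicert_certs(multicert_text):
    """Return the ssl_cert_name value of every non-comment entry."""
    certs = []
    for line in multicert_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        for token in shlex.split(line):
            key, _, val = token.partition("=")
            if key == "ssl_cert_name" and val:
                certs.append(val)
    return certs

def audit(records_text, multicert_text):
    """Classify the effect of the chain setting as (status, affected certs)."""
    chain = read_chain_setting(records_text)
    certs = read_multicert_certs(multicert_text)
    if chain is None:
        return ("no-chain", [])
    if not certs:
        # Chain is configured, but with no certs to attach to it is never loaded.
        return ("chain-never-loaded", [])
    return ("chain-attached", certs)

# Constructed sample inputs (not taken from a real deployment).
RECORDS = "# sample\nCONFIG " + CHAIN_KEY + " STRING chain.pem\n"
MULTICERT_EMPTY = "# no certificate entries\n"
MULTICERT_ONE = "dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key\n"

if __name__ == "__main__":
    print(audit(RECORDS, MULTICERT_EMPTY))
    print(audit(RECORDS, MULTICERT_ONE))
```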
