[jira] [Commented] (TS-2353) add ability to load ssl certs that are owned by root and only read only by the user

James Peach (JIRA) Thu, 02 Jan 2014 09:32:30 -0800

    [ 
https://issues.apache.org/jira/browse/TS-2353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13860370#comment-13860370
 ]


James Peach commented on TS-2353:
---------------------------------

I think that the right way to do this might be to integrate with the Linux 
kernel keyring service:
   - http://lxr.linux.no/linux+v3.12.6/Documentation/security/keys.txt
   - 
http://lxr.linux.no/linux+v3.12.6/Documentation/security/keys-request-key.txt

> add ability to load ssl certs that are owned by root and only read only by 
> the user
> -----------------------------------------------------------------------------------
>
>                 Key: TS-2353
>                 URL: https://issues.apache.org/jira/browse/TS-2353
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: HTTP, SSL
>            Reporter: Bryan Call
>            Assignee: Manjesh Nilange
>             Fix For: 4.2.0
>
>         Attachments: ssl-start-as-root.patch
>
>
> [Nov 15 01:11:23.748] Server {0x2aaff3cb33a0} ERROR:
> SSL::0:error:0200100D:system library:fopen:Permission
> denied:bss_file.c:355:fopen('/****/search.crt','r')
> [Nov 15 01:11:23.748] Server {0x2aaff3cb33a0} ERROR:
> SSL::0:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:
> [Nov 15 01:11:23.748] Server {0x2aaff3cb33a0} ERROR:
> SSL::0:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system
> lib:ssl_rsa.c:470:



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

[jira] [Commented] (TS-2353) add ability to load ssl certs that are owned by root and only read only by the user

Reply via email to