[
https://issues.apache.org/jira/browse/TS-2353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13886890#comment-13886890
]
Ron Barber commented on TS-2353:
--------------------------------
How about this for the new option (modeled after the existing and similar
proxy.config.plugin.load_elevated):
CONFIG proxy.config.ssl.cert.load_elevated INT 0
Enables (``1``) or disables (``0``) elevation of traffic_server
privileges during loading of SSL certificates. By enabling this, SSL
certificate files' access rights can be restricted to help reduce the
vulnerability of certificates.
> add ability to load ssl certs that are owned by root and only read only by
> the user
> -----------------------------------------------------------------------------------
>
> Key: TS-2353
> URL: https://issues.apache.org/jira/browse/TS-2353
> Project: Traffic Server
> Issue Type: Improvement
> Components: HTTP, SSL
> Reporter: Bryan Call
> Assignee: James Peach
> Fix For: 4.2.0
>
> Attachments: TS-2353-mutex.patch, TS-2353_3.patch,
> ssl-start-as-root.patch
>
>
> [Nov 15 01:11:23.748] Server {0x2aaff3cb33a0} ERROR:
> SSL::0:error:0200100D:system library:fopen:Permission
> denied:bss_file.c:355:fopen('/****/search.crt','r')
> [Nov 15 01:11:23.748] Server {0x2aaff3cb33a0} ERROR:
> SSL::0:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:
> [Nov 15 01:11:23.748] Server {0x2aaff3cb33a0} ERROR:
> SSL::0:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system
> lib:ssl_rsa.c:470:
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
