[ https://issues.apache.org/jira/browse/TS-3027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alan M. Carroll updated TS-3027:
--------------------------------
    Assignee: James Peach

> Hashed SSL Intermediate Server Certs not recognized
> ---------------------------------------------------
>
>                 Key: TS-3027
>                 URL: https://issues.apache.org/jira/browse/TS-3027
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Steven Feltner
>            Assignee: James Peach
>             Fix For: 5.1.0
>
>         Attachments: HashedSSL.patch
>
>
> Tested on:
> CentOS 6.5 x86_64
> trafficserver-5.0.1
> Pertinent Config Values:
> CONFIG proxy.config.ssl.CA.cert.filename STRING NULL
> #CONFIG proxy.config.ssl.CA.cert.filename STRING combined_ca_bundle.crt
> CONFIG proxy.config.ssl.CA.cert.path STRING /var/linhosting/users/local
> (with and without CA.cert.filename configured)
> CONFIG proxy.config.ssl.client.certification_level INT 0
> CONFIG proxy.config.ssl.client.verify.server INT 0
> c_rehash (from OpenSSL) called from command line to create hash symlinks
> Currently, SSL_CTX_load_verify_locations is only called in two cases:
> if (params->clientCertLevel != 0) {
> and
> if (params->clientVerify) {
> Attached patch will create a precedence such that:
> if ssl_ca_name= is configured in ssl_multicert.config
>     use that to build the cert chain
> else if proxy.config.ssl.CA.cert.filename is configured (along with proxy.config.ssl.CA.cert.path)
>     use that file to build the chain
> else if proxy.config.ssl.CA.cert.path is configured (and proxy.config.ssl.CA.cert.filename is NULL)
>     use the hashed symlinks in that directory to build the chain
> else
>     error out because we don't have the right configuration to build the chain

--
This message was sent by Atlassian JIRA
(v6.2#6252)