Thomas Jackson created TS-3518:
----------------------------------
Summary: Multiple ssl_ca_name's in ssl_multicert breaks all
intermediate CAs
Key: TS-3518
URL: https://issues.apache.org/jira/browse/TS-3518
Project: Traffic Server
Issue Type: Bug
Reporter: Thomas Jackson

In ssl_multicert you can specify multiple ssl_cert_name and ssl_key_name, such
as:
{code}
dest_ip=127.0.0.2 ssl_cert_name=www.example.com.cert,www.example.com.ecdsa.cert ssl_key_name=www.example.com.key,www.example.com.ecdsa.key
{code}
Sometimes you need to specify an intermediate CA (a lot of the time TBH), which
from the docs sounds like you should be able to do:
{code}
dest_ip=127.0.0.2 ssl_cert_name=www.example.com.cert,www.example.com.ecdsa.cert ssl_key_name=www.example.com.key,www.example.com.ecdsa.key ssl_ca_name=RSA_intermediate,ECDSA,intermediate
{code}
since you can specify ssl_ca_name for single certs, similar to cert_name and
key_name. But this currently doesn't work. In addition to not working for ECDSA,
this seems to actually break *all* intermediate CAs from being served. I've
created a test case (https://github.com/apache/trafficserver/pull/186) which
shows the issue.
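
A pre-deployment lint for the configuration described in this report, as an added example that is not part of the original message or of Traffic Server: it flags ssl_multicert.config lines where ssl_key_name or ssl_ca_name lists a different number of names than ssl_cert_name. The positional pairing of the three lists is an assumption, and parse_entry, lint_entry and lint_config are hypothetical helper names.

```python
# Added example, not Traffic Server code. Assumption: the comma-separated lists
# in ssl_cert_name, ssl_key_name and ssl_ca_name are meant to pair by position.
import shlex

# Constructed sample entries, copied from the two configurations in the report.
BASE = ("dest_ip=127.0.0.2 "
        "ssl_cert_name=www.example.com.cert,www.example.com.ecdsa.cert "
        "ssl_key_name=www.example.com.key,www.example.com.ecdsa.key")
WITH_CA = BASE + " ssl_ca_name=RSA_intermediate,ECDSA,intermediate"


def parse_entry(line):
    """Return {key: [values]} for one ssl_multicert.config line."""
    entry = {}
    for token in shlex.split(line, comments=True):  # drops '#' comments
        key, sep, value = token.partition("=")
        if not sep:
            raise ValueError(f"token without '=': {token!r}")
        entry[key] = [v.strip() for v in value.split(",") if v.strip()]
    return entry


def lint_entry(line):
    """Return (key, count, cert_count) for each list that does not match
    the number of certificates on the line."""
    entry = parse_entry(line)
    certs = entry.get("ssl_cert_name", [])
    findings = []
    for key in ("ssl_key_name", "ssl_ca_name"):
        values = entry.get(key)
        if certs and values is not None and len(values) != len(certs):
            findings.append((key, len(values), len(certs)))
    return findings


def lint_config(text):
    """Lint every non-blank line; return {line_number: findings} for bad lines."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        findings = lint_entry(line) if line.strip() else []
        if findings:
            report[number] = findings
    return report


if __name__ == "__main__":
    for number, findings in lint_config(BASE + "\n" + WITH_CA).items():
        for key, got, want in findings:
            print(f"line {number}: {key} lists {got} names for {want} certificates")
```

A clean lint result does not show that the chain is actually served; the served certificates still need to be checked against a running instance.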