Leif Hedstrom created TS-3599:
---------------------------------

             Summary: Multiple dest_ip=* directives has unpredictable behavior 
in ssl_multicert.config
                 Key: TS-3599
                 URL: https://issues.apache.org/jira/browse/TS-3599
             Project: Traffic Server
          Issue Type: Bug
          Components: SSL
            Reporter: Leif Hedstrom


If I create an ssl_multicert.config with e.g.

{code}
dest_ip=* ssl_key_name=foo.key ssl_cert_name=foo.crt
dest_ip=* ssl_key_name=bar.key ssl_cert_name=bar.crt
{code}

Then even with an SNI-enabled client, which uses SNI in the TLS handshake, ATS 
seems to arbitrarily pick a cert. This seems nonsensical; I get the impression 
that dest_ip=<anything> would only take effect if there is no SNI in the 
handshake?

I understand that more than one dest_ip=* is perhaps not a valid configuration, 
but in that case we ought to either error out (fail to start), or at least 
produce a really loud warning.  Clearly making it fail like this seems 
unreasonable :).



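A pre-deployment check for the condition this report describes, as an added example that is not part of the original report or of Traffic Server itself. It assumes ssl_multicert.config lines are whitespace-separated key=value pairs with `#` comments, and it treats any dest_ip value that appears on more than one line as the error to flag; the sample input is constructed from the two lines in the report.

```python
import shlex
import sys
from collections import defaultdict

# Constructed sample: the two lines from the report plus one unambiguous entry.
SAMPLE = """\
# ssl_multicert.config
dest_ip=* ssl_key_name=foo.key ssl_cert_name=foo.crt
dest_ip=* ssl_key_name=bar.key ssl_cert_name=bar.crt
dest_ip=192.0.2.10 ssl_key_name=baz.key ssl_cert_name=baz.crt
"""


def parse_line(line):
    """Return the key=value pairs on one line; {} for blank or comment lines."""
    # shlex handles quoted values and drops everything after '#'.
    tokens = shlex.split(line, comments=True)
    return dict(tok.split("=", 1) for tok in tokens if "=" in tok)


def find_duplicate_dest_ip(text):
    """Map each dest_ip value used more than once to [(line_no, cert), ...]."""
    seen = defaultdict(list)
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = parse_line(line)
        if "dest_ip" in fields:
            cert = fields.get("ssl_cert_name", "?")
            seen[fields["dest_ip"]].append((line_no, cert))
    return {ip: uses for ip, uses in seen.items() if len(uses) > 1}


def main(path=None):
    """Lint a config file (or the sample); return 1 if it is ambiguous."""
    if path:
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    dups = find_duplicate_dest_ip(text)
    for ip, uses in dups.items():
        where = ", ".join(f"line {n} ({cert})" for n, cert in uses)
        print(f"ERROR: dest_ip={ip} declared {len(uses)} times: {where}",
              file=sys.stderr)
    return 1 if dups else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```

Run with the config path as the only argument; a non-zero exit status lets a deployment step refuse to ship an ambiguous file.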