[
https://issues.apache.org/jira/browse/TS-3518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14549512#comment-14549512
]
ASF subversion and git services commented on TS-3518:
-----------------------------------------------------
Commit 37569c139e32e9179922cbb0c0d60194461d03ce in trafficserver's branch
refs/heads/master from [~jacksontj]
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=37569c1 ]
Re-enable ca tests now that TS-3518 is resolved
> Multiple ssl_ca_name's in ssl_multicert breaks all intermediate CAs
> -------------------------------------------------------------------
>
> Key: TS-3518
> URL: https://issues.apache.org/jira/browse/TS-3518
> Project: Traffic Server
> Issue Type: Bug
> Reporter: Thomas Jackson
> Assignee: Susan Hinrichs
> Fix For: 6.0.0
>
>
> In ssl_multicert you can specify multiple ssl_cert_name and ssl_key_name,
> such as:
> {code}
> dest_ip=127.0.0.2
> ssl_cert_name=www.example.com.cert,www.example.com.ecdsa.cert
> ssl_key_name=www.example.com.key,www.example.com.ecdsa.key
> {code}
> Sometimes you need to specify an intermediate CA (a lot of the time TBH),
> which from the docs sounds like you should be able to do:
> {code}
> dest_ip=127.0.0.2
> ssl_cert_name=www.example.com.cert,www.example.com.ecdsa.cert
> ssl_key_name=www.example.com.key,www.example.com.ecdsa.key
> ssl_ca_name=RSA_intermediate,ECDSA_intermediate
> {code}
> Since you can specify ssl_ca_name for single certs, similar to cert_name and
> key_name, but this currently doesn't work. In addition to not working for
> ECDSA this seems to actually break *all* intermediate CAs from being served.
> I've created a test case (https://github.com/apache/trafficserver/pull/186)
> which shows the issue.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
