[
https://issues.apache.org/jira/browse/TS-3518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14549515#comment-14549515
]
Thomas Jackson commented on TS-3518:
------------------------------------
[~shinrich] You should have been getting emails from CI about a test failure
after that commit-- since that test was marked as "expected failure". I've
removed the "expected failure" marking, since this now passes-- so we can
ensure no regressions.
> Multiple ssl_ca_name's in ssl_multicert breaks all intermediate CAs
> -------------------------------------------------------------------
>
> Key: TS-3518
> URL: https://issues.apache.org/jira/browse/TS-3518
> Project: Traffic Server
> Issue Type: Bug
> Reporter: Thomas Jackson
> Assignee: Susan Hinrichs
> Fix For: 6.0.0
>
>
> In ssl_multicert you can specify multiple ssl_cert_name and ssl_key_name,
> such as:
> {code}
> dest_ip=127.0.0.2
> ssl_cert_name=www.example.com.cert,www.example.com.ecdsa.cert
> ssl_key_name=www.example.com.key,www.example.com.ecdsa.key
> {code}
> Sometimes you need to specify an intermediate CA (a lot of the time TBH),
> which from the docs sounds like you should be able to do:
> {code}
> dest_ip=127.0.0.2
> ssl_cert_name=www.example.com.cert,www.example.com.ecdsa.cert
> ssl_key_name=www.example.com.key,www.example.com.ecdsa.key
> ssl_ca_name=RSA_intermediate,ECDSA_intermediate
> {code}
> Since you can specify ssl_ca_name for single certs, similar to cert_name and
> key_name, but this currently doesn't work. In addition to not working for
> ECDSA this seems to actually break *all* intermediate CAs from being served.
> I've created a test case (https://github.com/apache/trafficserver/pull/186)
> which shows the issue.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
