[
https://issues.apache.org/jira/browse/TS-3599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Leif Hedstrom updated TS-3599:
------------------------------
Assignee: Susan Hinrichs
> Multiple dest_ip=* directives has unpredictable behavior in
> ssl_multicert.config
> --------------------------------------------------------------------------------
>
> Key: TS-3599
> URL: https://issues.apache.org/jira/browse/TS-3599
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Reporter: Leif Hedstrom
> Assignee: Susan Hinrichs
> Fix For: 7.0.0
>
>
> If I create an ssl_multicert.config with e.g.
> {code}
> dest_ip=* ssl_key_name=foo.key ssl_cert_name=foo.crt
> dest_ip=* ssl_key_name=bar.key ssl_cert_name=bar.crt
> {code}
> Then even with an SNI enabled client, which uses SNI in the TLS handshake,
> ATS seems to arbitrarily pick a cert. This seems nonsensical, I get the
> impression that dest_ip=<anything> would only take effect if there is no SNI
> in the handshake?
> I understand that more than one dest_ip=* is perhaps not a valid
> configuration, but in that case we ought to either error out (fail to start),
> or at least produce a really loud warning. Clearly making it fail like this
> seems unreasonable :).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
