[
https://issues.apache.org/jira/browse/TS-4180?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15246317#comment-15246317
]
ASF GitHub Bot commented on TS-4180:
------------------------------------
GitHub user shinrich opened a pull request:
https://github.com/apache/trafficserver/pull/578
TS-4180: Support for multiple intermediate cert chains
Previous fix parsed the comma separated file names, but would only load the
first file.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/shinrich/trafficserver ts-4180
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafficserver/pull/578.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #578
----
commit 25cde3c99f655781060639ca3038059622adbc77
Author: shinrich <[email protected]>
Date: 2016-04-18T18:50:29Z
TS-4180: Support for multiple intermediate cert chains
----
> support for serving multiple intermediate cert chains
> -----------------------------------------------------
>
> Key: TS-4180
> URL: https://issues.apache.org/jira/browse/TS-4180
> Project: Traffic Server
> Issue Type: Improvement
> Components: SSL
> Reporter: Scott Beardsley
> Assignee: Susan Hinrichs
> Labels: yahoo
> Fix For: 6.2.0
>
>
> We would like to serve two different intermediate certificate chains for RSA
> certs and ECDSA certs. Today they are required to be in the same chain. It
> seems the best way would be to modify "ssl_ca_name" (or
> proxy.config.ssl.CA.cert.path) to support a comma-delimited list of
> intermediate files.
> Bonus points if ATS validates that the intermediate chain matches the cert
> being served (and spits out an error if there is a mismatch)!
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
