I meant more what *units* the handshake_timer is. Looking at the code, it
seems to be in seconds meaning it is unlikely that is the problem (if the
handshake took .5s with a 20s timeout).
I'd recommend having any configuration value at most once, although I don't
think it would break anything.
Hello Apache Supporters and Enthusiasts
This is your FINAL reminder that the Call for Papers (CFP) for the
Apache EU Roadshow is closing soon. Our Apache EU Roadshow will focus on
Cloud, IoT, Apache Tomcat, Apache Http and will run from 13-14 June 2018
in Berlin.
Note that the CFP deadline
Hi,
What you want is 'proxy.config.ssl.CA.cert.filename' and
proxy.config.ssl.CA.cert.path not the client.CA configs. I know it is a bit
confusing. The client.CA ones are used to verify origin server certificates.
Try the configs and see if that works.
Docs for the configs:
records.config —
If you are in a test environment where you can share your wireshark pcap
file that might also be interesting.
On Wed, Feb 21, 2018 at 11:58 AM, Persia Aziz wrote:
> Do you see this EOF if you have client verification disabled?
>
> Syeda Persia Aziz
> Software Developer
>
Do you see this EOF if you have client verification disabled?
Syeda Persia Aziz
Software DeveloperYahoo! Inc.Champaign, Illinois
On Wednesday, February 21, 2018, 11:48:40 AM CST, Persia Aziz
wrote:
Hmm interesting. From your debug log, looks like ATS wants to
I have assigned these variables also the same values -
CONFIG proxy.config.ssl.CA.cert.filename STRING ca.pem
CONFIG proxy.config.ssl.CA.cert.path STRING /directory/where/ca.pem
# and
CONFIG proxy.config.ssl.client.CA.cert.filename STRING ca.pem
CONFIG proxy.config.ssl.client.CA.cert.path
Hmm interesting. From your debug log, looks like ATS wants to read more data
from the buffer which it can not find. Hence, throwing an EOF.
Syeda Persia Aziz
Software DeveloperYahoo! Inc.Champaign, Illinois
On Wednesday, February 21, 2018, 11:35:11 AM CST, salil GK
It looks like in this exchange the client did not send a client
certificate. But the other exchanges in the log file don't have the "
ssl3_get_client_certificate:peer did not return a certificate" message. So
perhaps one test exchange had the client certificate missing.
The server certificate
This looks like the important part of the logs (you can drop by my desk for
further detail if you want, Susan & Persia). AFAICT this covers an entire
transaction. I checked the start up messages and saw no errors, but I did
not see any mention of 'ca.pem'. Is there some typo in his configuration?