hi,all i found that the configuration option that i used to compile v5.2.0 was different from v5.1.1,
after i recompile the v5.2.0 to used the same option as v5.1.1, the problem gone. the differences compile option i used to compile v5.2.0 and v5.1.1 : v5.1.1 ./configure --prefix=/usr/local/trafficserver-5.1.1 --with-user=trafficserver --with-group=trafficserver --sysconfdir=/home/trafficserver/etc --enable-experimental-plugins --enable-reclaimable-freelist --enable-hwloc v5.2.0 ./configure --prefix=/usr/local/trafficserver-5.2.0 --with-user=trafficserver --with-group=trafficserver --sysconfdir=/home/trafficserver/etc --enable-experimental-plugins i think the problem caused by i used reclaim feature when this feature not compiled in. 在 2015-01-29 13:39:59,"Esmq" <[email protected]> 写道: hi, when not use whildcard certificated, it works fine just like v5.1.1, when i add the following to the ssl_multicert.config, ats coredump every time i access the ssl page. dest_ip=* ssl_cert_name=ssl/sslbbs.example.com.ee.crt ssl_key_name=ssl/sslbbs.example.com.nopass.key the certificate's CN=*.sslbbs.example.com, when i open http://xxx.sslbbs.example.com/, it will cause ts to coredump and restarted. #################################################################### Certificate: Data: Version: 3 (0x2) Serial Number: 61:9e:96:42:07:bb:5e:3d:af:43:96:f0:08:61:e5:99 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Secure Server CA - G3 Validity Not Before: Apr 4 00:00:00 2014 GMT Not After : May 3 23:59:59 2017 GMT Subject: C=CN, ST=GuangDong, L=GuangZhou, O=Guangzhou Example Interactive Entertainment Co., Ltd., OU=Terms of use at www.verisign.com/rpa (c)05, CN=*.sslbbs.example.com 在 2015-01-28 21:59:00,"Susan Hinrichs" <[email protected]> 写道: Hi, The warning messages are likely harmless. They are probably complaints about conflicts if the main subject name is repeated as a subject alternative name. This has been addressed via TS-3243. I've successfully tested a basic wildcard certificated in 5.2/master. But obviously we must be doing something different. Can you share your wildcard certificate so I better replicate your case? Thanks, Susan On 1/27/2015 9:05 PM, Esmq wrote: hi,all i have just upgraded ts 5.1.1 to 5.2.0, and make no change to the configuration (using the previous working config of version 5.1.1) after toggle to 5.2.0, i found following warning message in diag.log, which all good in 5.1.1. [Jan 28 10:35:13.128] Server {0x2b34fdd3b620} NOTE: loading SSL certificate configuration from /home/trafficserver/etc/ssl_multicert.config [Jan 28 10:35:13.130] Server {0x2b34fdd3b620} WARNING: previously indexed 'daily.bb.test.com' with SSL_CTX 0x1, cannot index it with SSL_CTX #2 now [Jan 28 10:35:13.130] Server {0x2b34fdd3b620} WARNING: previously indexed wildcard certificate for '*.sslbbs.example.com' as 'com.example.sslbbs.', cannot index it with SSL_CTX #4 now furthermore, ts crash when processing the request that using whildcard ssl certificate...
