Hmm interesting. From your debug log, looks like ATS wants to read more data
from the buffer which it cannot find. Hence, throwing an EOF.
Syeda Persia Aziz
Software Developer, Yahoo! Inc., Champaign, Illinois
On Wednesday, February 21, 2018, 11:35:11 AM CST, salil GK
<[email protected]> wrote:
I have assigned these variables also the same values -
CONFIG proxy.config.ssl.CA.cert.filename STRING ca.pem
CONFIG proxy.config.ssl.CA.cert.path STRING /directory/where/ca.pem
# and
CONFIG proxy.config.ssl.client.CA.cert.filename STRING ca.pem
CONFIG proxy.config.ssl.client.CA.cert.path STRING /directory/where/ca.pem
On 21 February 2018 at 22:48, Persia Aziz <[email protected]> wrote:
Hi,
What you want is 'proxy.config.ssl.CA.cert.filename' and
'proxy.config.ssl.CA.cert.path', not the client.CA configs. I know it is a bit
confusing. The client.CA ones are used to verify origin server certificates.
Try the configs and see if that works.
Docs for the configs:
records.config — Apache Traffic Server 8.0.0 documentation
Sincerely,
Syeda Persia Aziz
Software Developer, Yahoo! Inc., Champaign, Illinois
On Wednesday, February 21, 2018, 10:41:32 AM CST, Alan Carroll
<[email protected]> wrote:
I meant more what *units* the handshake_timer is. Looking at the code, it
seems to be in seconds, meaning it is unlikely that is the problem (if the
handshake took .5s with a 20s timeout).
I'd recommend having any configuration value at most once, although I don't
think it would break anything.
Looking at the code, it appears the client cert verify callback was hit
(SSLUtils.cc:1687) with a failure reported by OpenSSL. I'd look at debug
messages much earlier, during process start, to see if the certs are getting
loaded correctly.
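
Added example, not part of the thread and not ATS code: a small check over records.config text that flags the two points raised above, a CA setting that appears more than once, and a file that sets only the client.CA pair (origin verification) when client certificates are to be verified. The function name, the sample file and its /etc/trafficserver/ssl path are constructed for illustration.

```python
import re

# Setting names are the ones quoted in the thread; the roles follow Persia's reply.
CLIENT_VERIFY = "proxy.config.ssl.CA.cert"          # CA for client certificates
ORIGIN_VERIFY = "proxy.config.ssl.client.CA.cert"   # CA for origin server certificates
TRACKED = {p + s for p in (CLIENT_VERIFY, ORIGIN_VERIFY) for s in (".filename", ".path")}
LINE = re.compile(r"^\s*CONFIG\s+(\S+)\s+(\S+)\s+(.*?)\s*$")


def audit(text):
    """Return (last value per tracked setting, list of findings)."""
    seen, findings = {}, []
    for num, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw)
        if not m or m.group(1) not in TRACKED:
            continue  # comments, blank lines and unrelated settings
        name, value = m.group(1), m.group(3)
        if name in seen:
            findings.append(f"line {num}: {name} is set more than once")
        seen[name] = value
    has_client = CLIENT_VERIFY + ".filename" in seen
    has_origin = ORIGIN_VERIFY + ".filename" in seen
    if has_origin and not has_client:
        findings.append(
            f"only {ORIGIN_VERIFY}.* is set; that pair is for origin "
            f"certificates, client certificates need {CLIENT_VERIFY}.*"
        )
    return seen, findings


# Constructed sample input (not taken from the poster's configuration).
SAMPLE = """\
# constructed sample
CONFIG proxy.config.ssl.client.CA.cert.filename STRING ca.pem
CONFIG proxy.config.ssl.client.CA.cert.path STRING /etc/trafficserver/ssl
CONFIG proxy.config.ssl.client.CA.cert.filename STRING other-ca.pem
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```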