trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Esmq <e...@163.com>
Subject Re:Re: ts crash for whildcard ssl certificate with version 5.2.0
Date Thu, 29 Jan 2015 05:39:59 GMT
hi,
when not use whildcard certificated, it works fine just like v5.1.1, when i add the following
to the ssl_multicert.config, ats coredump every time i access the ssl page.
dest_ip=* ssl_cert_name=ssl/sslbbs.example.com.ee.crt ssl_key_name=ssl/sslbbs.example.com.nopass.key

the certificate's CN=*.sslbbs.example.com,
when i open http://xxx.sslbbs.example.com/, it will cause ts to coredump and restarted.


####################################################################
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:9e:96:42:07:bb:5e:3d:af:43:96:f0:08:61:e5:99
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa
(c)10, CN=VeriSign Class 3 Secure Server CA - G3
        Validity
            Not Before: Apr  4 00:00:00 2014 GMT
            Not After : May  3 23:59:59 2017 GMT
        Subject: C=CN, ST=GuangDong, L=GuangZhou, O=Guangzhou Example Interactive Entertainment
Co., Ltd., OU=Terms of use at www.verisign.com/rpa (c)05, CN=*.sslbbs.example.com


在 2015-01-28 21:59:00,"Susan Hinrichs" <shinrich@network-geographics.com> 写道:
Hi,

The warning messages are likely harmless.  They are probably complaints about conflicts if
the main subject name is repeated as a subject alternative name.  This has been addressed
via TS-3243.

I've successfully tested a basic wildcard certificated in 5.2/master.  But obviously we must
be doing something different.  Can you share your wildcard certificate so I better replicate
your case?

Thanks,
Susan


On 1/27/2015 9:05 PM, Esmq wrote:

hi,all

i have just upgraded ts 5.1.1 to 5.2.0,
and make no change to the configuration (using the previous working config of version 5.1.1)

after toggle to 5.2.0, i found following warning message in diag.log, which all good in 5.1.1.

[Jan 28 10:35:13.128] Server {0x2b34fdd3b620} NOTE: loading SSL certificate configuration
from /home/trafficserver/etc/ssl_multicert.config
[Jan 28 10:35:13.130] Server {0x2b34fdd3b620} WARNING: previously indexed 'daily.bb.test.com'
with SSL_CTX 0x1, cannot index it with SSL_CTX #2 now
[Jan 28 10:35:13.130] Server {0x2b34fdd3b620} WARNING: previously indexed wildcard certificate
for '*.sslbbs.example.com' as 'com.example.sslbbs.', cannot index it with SSL_CTX #4 now

furthermore,  ts crash when processing the request that using whildcard ssl certificate...




Mime
View raw message