trafficserver-users mailing list archives

From Persia Aziz <persia.a...@yahoo.com>
Subject Re: Connection rejected for MTLS forward proxy
Date Wed, 21 Feb 2018 17:18:19 GMT
Hi,
What you want is 'proxy.config.ssl.CA.cert.filename' and 'proxy.config.ssl.CA.cert.path', not
the client.CA configs. I know it is a bit confusing. The client.CA ones are used to verify
origin server certificates. Try the configs and see if that works.
Docs for the configs:
records.config — Apache Traffic Server 8.0.0 documentation


- Sincerely
Syeda Persia Aziz
Software Developer
Yahoo! Inc.
Champaign, Illinois

    On Wednesday, February 21, 2018, 10:41:32 AM CST, Alan Carroll <solidwallofcode@oath.com>
wrote:  
 
I meant more what *units* the handshake_timer is. Looking at the code, it seems to be in
seconds, meaning it is unlikely that is the problem (if the handshake took .5s with a 20s timeout).
I'd recommend having any configuration value at most once, although I don't think it would
break anything.
Looking at the code, it appears the client cert verify callback was hit (SSLUtils.cc:1687)
with a failure reported by OpenSSL. I'd look at debug messages much earlier, during process
start, to see if the certs are getting loaded correctly.
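
The two sets of CA settings named in the reply above, side by side in records.config form. This is an added sketch, not configuration posted in the thread or taken from the Traffic Server project: the file names and directory are hypothetical placeholders, and the `proxy.config.ssl.client.certification_level` line is an assumption about the setup (the thread does not mention it).

```text
# --- Inbound side: clients connecting TO Traffic Server ---
# CA bundle used to verify the certificate a client presents during the
# TLS handshake. This is the pair the reply points to for mutual TLS.
CONFIG proxy.config.ssl.CA.cert.filename STRING clients-ca.pem        # hypothetical file name
CONFIG proxy.config.ssl.CA.cert.path STRING /path/to/ssl              # hypothetical directory

# Assumption, not from the thread: require a client certificate.
# 0 = none requested, 1 = optional, 2 = required.
CONFIG proxy.config.ssl.client.certification_level INT 2

# --- Outbound side: Traffic Server connecting to origin servers ---
# Here "client" means Traffic Server acting as the TLS client, so this
# bundle verifies ORIGIN SERVER certificates. Putting the client-issuing
# CA only here leaves the inbound verification without a trust anchor.
CONFIG proxy.config.ssl.client.CA.cert.filename STRING origins-ca.pem # hypothetical file name
CONFIG proxy.config.ssl.client.CA.cert.path STRING /path/to/ssl       # hypothetical directory
```

Each key appears once, in line with the recommendation above to have any configuration value at most once.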

  