[jira] [Commented] (TS-1993) ATS looking for chain certificate in the wrong place

[ASF subversion and git services (JIRA)]

    [ 
https://issues.apache.org/jira/browse/TS-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13718919#comment-13718919
 ] 

ASF subversion and git services commented on TS-1993:
-----------------------------------------------------

Commit 848a13c7e0c6de3168550b2cd4872aa0b24e5412 in branch refs/heads/master 
from [~jpe...@apache.org]
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=848a13c ]

TS-1993: looking for SSL certificate chain in the wrong place

We should always look for server certificate chains relative to the
SSL certificate directory.

                
> ATS looking for chain certificate in the wrong place
> ----------------------------------------------------
>
>                 Key: TS-1993
>                 URL: https://issues.apache.org/jira/browse/TS-1993
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Configuration, SSL
>            Reporter: David Carlin
>            Assignee: James Peach
>             Fix For: 3.3.5
>
>
> ATS 3.3.4 is looking for the chain certificate in the wrong location.  Here 
> is my config:
> proxy.config.ssl.server.cert.path = conf/other/ssl
> proxy.config.ssl.server.cert_chain.filename = CA.pem
> ssl_multicert.config = dest_ip=* ssl_cert_name=website.pem
> When I start ATS I see the following message indicating the root directory:
> [TrafficServer] using root directory '/root/path'
> and the following error in /var/log/messages:
> Jul  1 19:32:15 l6 traffic_server[2167]: {0x2b7a4b3e9f60} ERROR: 
> SSL::0:error:02001002:system library:fopen:No such file or 
> directory:bss_file.c:126:fopen('/root/path/conf/trafficserver/conf/other/ssl/CA.pem','r')
> It should be looking in /root/path/conf/other/ssl/CA.pem - this same config 
> worked in ATS 3.2.0
> Instead its injecting "conf/trafficserver" in the middle of the path which 
> happens to be the value of proxy.config.config_dir
> It appears to be loading the website certificate from the right location - 
> /root/path/conf/other/ssl/website.pem - I know this because if I delete the 
> file and restart ATS, I can see the ATS error where its trying to load it 
> from the correct path:
> Jul  2 14:44:33 l6 traffic_server[53961]: {0x2ae47437a540} ERROR: 
> SSL::0:error:02001002:system library:fopen:No such file or 
> directory:bss_file.c:355:fopen('/root/path/conf/other/ssl/website.pem','r')

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira