[ https://issues.apache.org/jira/browse/TS-3027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14107401#comment-14107401 ]
ASF subversion and git services commented on TS-3027: ----------------------------------------------------- Commit 81ef6a67753724a676d6c89651aa31dd6a1aefd0 in trafficserver's branch refs/heads/5.1.x from [~jpe...@apache.org] [ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=81ef6a6 ] Add TS-3027 to CHANGES > Hashed SSL Intermediate Server Certs not recognized > --------------------------------------------------- > > Key: TS-3027 > URL: https://issues.apache.org/jira/browse/TS-3027 > Project: Traffic Server > Issue Type: Bug > Components: SSL > Reporter: Steven Feltner > Assignee: James Peach > Fix For: 5.1.0 > > Attachments: HashedSSL.patch > > > Tested on: > CentOS 6.5 x86_64 > trafficserver-5.0.1 > Pertinent Config Values: > CONFIG proxy.config.ssl.CA.cert.filename STRING NULL > #CONFIG proxy.config.ssl.CA.cert.filename STRING combined_ca_bundle.crt > CONFIG proxy.config.ssl.CA.cert.path STRING /var/linhosting/users/local > (with and without CA.cert.filename configured) > CONFIG proxy.config.ssl.client.certification_level INT 0 > CONFIG proxy.config.ssl.client.verify.server INT 0 > c_rehash (from OpenSSL) called from command line to create hash symlinks > Currently, SSL_CTX_load_verify_locations is only called in two cases: > if (params->clientCertLevel != 0) { > and > if (params->clientVerify) { > Attached patch will create a precedence such that: > if ssl_ca_name= is configured in ssl_multicert.config > use that to build the cert chain > else if proxy.config.ssl.CA.cert.filename is configured (along with > proxy.config.ssl.CA.cert.path) > use that file to build the chain > else if proxy.config.ssl.CA.cert.path is configured (and > proxy.config.ssl.CA.cert.filename is NULL) > use the hashed symlinks in that directory to build the chain > else > error out because we don't have the right configuration to build the chain -- This message was sent by Atlassian JIRA (v6.2#6252)