[ https://issues.apache.org/jira/browse/TS-3389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14323101#comment-14323101 ]

Susan Hinrichs commented on TS-3389:
------------------------------------

Pushed another fix to change the semantics of failing SSL configurations.

Tracking whether the loaded SSL config is valid or not.  If this is the first 
time we are loading the config, an invalid SSL config will cause the process to 
exit.  If this is a reconfigure (due to traffic_line -x), the process will not 
exit and it will continue to run with the previous config.

This is attempting to replicate how remap configs are handled.

> Breakage of ssl tests from TS-3375
> ----------------------------------
>
>                 Key: TS-3389
>                 URL: https://issues.apache.org/jira/browse/TS-3389
>             Project: Traffic Server
>          Issue Type: Bug
>            Reporter: Thomas Jackson
>            Assignee: Susan Hinrichs
>
> The new_tsqa test_https tests started failing after 
> 5fb742d63742abbc0e441b6b9b8a74673097cf81 (TS-3375).
> ssl_multicert.config:
> {code}
> dest_ip=127.0.0.2 ssl_cert_name=/home/thjackso/src/trafficserver-git/ci/new_tsqa/files/rsa_keys/www.example.com.pem
> dest_ip=127.0.0.2 ssl_cert_name=/home/thjackso/src/trafficserver-git/ci/new_tsqa/files/rsa_keys/www.test.com.pem
> dest_ip=* ssl_cert_name=/home/thjackso/src/trafficserver-git/ci/new_tsqa/files/rsa_keys/www.example.com.pem
> dest_ip=* ssl_cert_name=/home/thjackso/src/trafficserver-git/ci/new_tsqa/files/rsa_keys/www.test.com.pem
> {code}
> traffic.out
> {code}
> [thjackso@thjackso-ld tsqa.env.Hz9TX9]$ ./bin/traffic_server
> traffic_server: using root directory '/tmp/tsqa.env.Hz9TX9'
> [Feb 12 16:52:01.398] {0x7f76e21fd800} NOTE: <DiagsConfig.cc:151 
> (reconfigure_diags)> updated diags config
> [Feb 12 16:52:01.402] Server {0x7f76e21fd800} NOTE: <Main.cc:1604 (main)> 
> cache clustering disabled
> [Feb 12 16:52:01.402] Server {0x7f76e21fd800} NOTE: <StatSystem.cc:269 
> (read_stats_snap)> clearing statistics
> [Feb 12 16:52:01.409] Server {0x7f76e21fd800} NOTE: <IPAllow.cc:73 
> (reconfigure)> ip_allow.config updated, reloading
> [Feb 12 16:52:01.416] Server {0x7f76e21fd800} NOTE: <ClusterProcessor.cc:724 
> (init)> cache clustering disabled
> [Feb 12 16:52:01.417] Server {0x7f76e21fd800} NOTE: <Log.cc:1041 
> (init_when_enabled)> logging initialized[3], logging_mode = 3
> [Feb 12 16:52:01.424] Server {0x7f76e21fd800} DEBUG: <SSLSessionCache.cc:44 
> (SSLSessionCache)> (ssl.session_cache) Created new ssl session cache 
> 0x1741220 with 256 buckets each with size max size 400
> [Feb 12 16:52:01.424] Server {0x7f76e21fd800} NOTE: <SSLUtils.cc:1880 
> (SSLParseCertificateConfiguration)> loading SSL certificate configuration 
> from /tmp/tsqa.env.Hz9TX9/etc/trafficserver/ssl_multicert.config
> [Feb 12 16:52:01.424] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1264 
> (SSLInitServerContext)> (ssl.session_cache) ssl context=0x1749c70: using 
> session cache options, enabled=2, size=102400, num_buckets=256, 
> skip_on_contention=0, timeout=0, auto_clear=1
> [Feb 12 16:52:01.424] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1286 
> (SSLInitServerContext)> (ssl.session_cache) enabling SSL session cache with 
> ATS implementation
> [Feb 12 16:52:01.432] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1427 
> (SSLInitServerContext)> (ssl) Using 
> '/home/thjackso/src/trafficserver-git/ci/new_tsqa/files/rsa_keys/www.example.com.pem'
>  in hash for session id context
> [Feb 12 16:52:01.433] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1741 
> (ssl_store_ssl_context)> (ssl) mapping '127.0.0.2' to certificate 
> /home/thjackso/src/trafficserver-git/ci/new_tsqa/files/rsa_keys/www.example.com.pem
> [Feb 12 16:52:01.433] Server {0x7f76e21fd800} DEBUG: <SSLCertLookup.cc:326 
> (insert)> (ssl) indexed '7F000002' with SSL_CTX 0x1749c70 [0]
> [Feb 12 16:52:01.433] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1768 
> (ssl_store_ssl_context)> (ssl) ssl ocsp stapling is disabled
> [Feb 12 16:52:01.433] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1779 
> (ssl_store_ssl_context)> (ssl) importing SNI names from 
> /home/thjackso/src/trafficserver-git/ci/new_tsqa/files/rsa_keys/www.example.com.pem
> [Feb 12 16:52:01.433] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1264 
> (SSLInitServerContext)> (ssl.session_cache) ssl context=0x174b7c0: using 
> session cache options, enabled=2, size=102400, num_buckets=256, 
> skip_on_contention=0, timeout=0, auto_clear=1
> [Feb 12 16:52:01.433] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1286 
> (SSLInitServerContext)> (ssl.session_cache) enabling SSL session cache with 
> ATS implementation
> [Feb 12 16:52:01.441] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1427 
> (SSLInitServerContext)> (ssl) Using 
> '/home/thjackso/src/trafficserver-git/ci/new_tsqa/files/rsa_keys/www.test.com.pem'
>  in hash for session id context
> [Feb 12 16:52:01.441] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1741 
> (ssl_store_ssl_context)> (ssl) mapping '127.0.0.2' to certificate 
> /home/thjackso/src/trafficserver-git/ci/new_tsqa/files/rsa_keys/www.test.com.pem
> [Feb 12 16:52:01.441] Server {0x7f76e21fd800} WARNING: <SSLCertLookup.cc:321 
> (insert)> previously indexed '7F000002' with SSL_CTX (nil), cannot index it 
> with SSL_CTX #1 now
> [Feb 12 16:52:01.441] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1768 
> (ssl_store_ssl_context)> (ssl) ssl ocsp stapling is disabled
> [Feb 12 16:52:01.441] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1779 
> (ssl_store_ssl_context)> (ssl) importing SNI names from 
> /home/thjackso/src/trafficserver-git/ci/new_tsqa/files/rsa_keys/www.test.com.pem
> [Feb 12 16:52:01.441] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1615 
> (ssl_index_certificate)> (ssl) mapping 'www.test.com' to certificate 
> /home/thjackso/src/trafficserver-git/ci/new_tsqa/files/rsa_keys/www.test.com.pem
> [Feb 12 16:52:01.441] Server {0x7f76e21fd800} DEBUG: <SSLCertLookup.cc:326 
> (insert)> (ssl) indexed 'www.test.com' with SSL_CTX 0x174b7c0 [1]
> [Feb 12 16:52:01.441] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1264 
> (SSLInitServerContext)> (ssl.session_cache) ssl context=0x18c0310: using 
> session cache options, enabled=2, size=102400, num_buckets=256, 
> skip_on_contention=0, timeout=0, auto_clear=1
> [Feb 12 16:52:01.441] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1286 
> (SSLInitServerContext)> (ssl.session_cache) enabling SSL session cache with 
> ATS implementation
> [Feb 12 16:52:01.449] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1427 
> (SSLInitServerContext)> (ssl) Using 
> '/home/thjackso/src/trafficserver-git/ci/new_tsqa/files/rsa_keys/www.example.com.pem'
>  in hash for session id context
> [Feb 12 16:52:01.449] Server {0x7f76e21fd800} DEBUG: <SSLCertLookup.cc:326 
> (insert)> (ssl) indexed '*' with SSL_CTX 0x18c0310 [2]
> [Feb 12 16:52:01.449] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1768 
> (ssl_store_ssl_context)> (ssl) ssl ocsp stapling is disabled
> [Feb 12 16:52:01.449] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1779 
> (ssl_store_ssl_context)> (ssl) importing SNI names from 
> /home/thjackso/src/trafficserver-git/ci/new_tsqa/files/rsa_keys/www.example.com.pem
> [Feb 12 16:52:01.449] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1264 
> (SSLInitServerContext)> (ssl.session_cache) ssl context=0x18c19a0: using 
> session cache options, enabled=2, size=102400, num_buckets=256, 
> skip_on_contention=0, timeout=0, auto_clear=1
> [Feb 12 16:52:01.449] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1286 
> (SSLInitServerContext)> (ssl.session_cache) enabling SSL session cache with 
> ATS implementation
> [Feb 12 16:52:01.457] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1427 
> (SSLInitServerContext)> (ssl) Using 
> '/home/thjackso/src/trafficserver-git/ci/new_tsqa/files/rsa_keys/www.test.com.pem'
>  in hash for session id context
> [Feb 12 16:52:01.458] Server {0x7f76e21fd800} WARNING: <SSLCertLookup.cc:321 
> (insert)> previously indexed '*' with SSL_CTX 0x2, cannot index it with 
> SSL_CTX #3 now
> [Feb 12 16:52:01.458] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1768 
> (ssl_store_ssl_context)> (ssl) ssl ocsp stapling is disabled
> [Feb 12 16:52:01.458] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1779 
> (ssl_store_ssl_context)> (ssl) importing SNI names from 
> /home/thjackso/src/trafficserver-git/ci/new_tsqa/files/rsa_keys/www.test.com.pem
> [Feb 12 16:52:01.458] Server {0x7f76e21fd800} DEBUG: <SSLUtils.cc:1615 
> (ssl_index_certificate)> (ssl) mapping 'www.test.com' to certificate 
> /home/thjackso/src/trafficserver-git/ci/new_tsqa/files/rsa_keys/www.test.com.pem
> [Feb 12 16:52:01.458] Server {0x7f76e21fd800} WARNING: <SSLCertLookup.cc:321 
> (insert)> previously indexed 'www.test.com' with SSL_CTX 0x1, cannot index it 
> with SSL_CTX #3 now
> [Feb 12 16:52:01.458] Server {0x7f76e21fd800} ERROR: <SSLUtils.cc:1921 
> (SSLParseCertificateConfiguration)> failed to load SSL certificate 
> specification from 
> /tmp/tsqa.env.Hz9TX9/etc/trafficserver/ssl_multicert.config line 67
> {code}
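
The load semantics described in the comment, together with a pre-reload check for the repeated `dest_ip` keys seen in the quoted log, as an added example that is not Traffic Server code or part of the original thread. It assumes whitespace-separated `key=value` pairs per line and treats a repeated `dest_ip` as a load failure; `SSLConfigHolder`, the helper names and the shortened certificate paths are constructed for illustration.

```python
def parse_multicert(text):
    """Return [(lineno, {key: value})] for each non-comment config line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pairs = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        entries.append((lineno, pairs))
    return entries

def duplicate_dest_ips(entries):
    """Return [(dest_ip, first_line, duplicate_line)] for repeated dest_ip keys."""
    seen, dups = {}, []
    for lineno, pairs in entries:
        ip = pairs.get("dest_ip")
        if ip is None:
            continue  # lines without dest_ip are outside this check
        if ip in seen:
            dups.append((ip, seen[ip], lineno))
        else:
            seen[ip] = lineno
    return dups

class SSLConfigHolder:
    """Model only: exit on an invalid first load, keep the old config on reload."""
    def __init__(self):
        self.active = None  # last config that validated

    def load(self, text):
        entries = parse_multicert(text)
        dups = duplicate_dest_ips(entries)
        if not dups:
            self.active = entries
            return "loaded"
        if self.active is None:
            raise SystemExit(f"invalid SSL config on first load: {dups}")
        return "kept-previous"  # reconfigure: previous config stays active

# Constructed samples; BAD mirrors the key layout of the config in the report.
GOOD = ("dest_ip=127.0.0.2 ssl_cert_name=www.example.com.pem\n"
        "dest_ip=* ssl_cert_name=www.test.com.pem\n")
BAD = ("dest_ip=127.0.0.2 ssl_cert_name=www.example.com.pem\n"
       "dest_ip=127.0.0.2 ssl_cert_name=www.test.com.pem\n"
       "dest_ip=* ssl_cert_name=www.example.com.pem\n"
       "dest_ip=* ssl_cert_name=www.test.com.pem\n")
```

The check covers only `dest_ip` collisions; the `www.test.com` collision in the log comes from names imported from the certificates themselves, which this sketch does not read.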


