[ https://issues.apache.org/jira/browse/TS-4179?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Susan Hinrichs reassigned TS-4179:
----------------------------------

    Assignee: Susan Hinrichs

> OCSP stapling broken with RSA+ECDSA cert serving
> ------------------------------------------------
>
>                 Key: TS-4179
>                 URL: https://issues.apache.org/jira/browse/TS-4179
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Scott Beardsley
>            Assignee: Susan Hinrichs
>              Labels: yahoo
>             Fix For: 6.2.0
>
>
> When I try to serve both an RSA and an ECDSA cert using a config like so:
> $ grep ocsp records.config
> CONFIG proxy.config.ssl.ocsp.enabled INT 1
> $ grep -v ^# ssl_multicert.config
> dest_ip=* ssl_cert_name=ecdsa.crt,rsa.crt ssl_key_name=ecdsa.key,rsa.key
> I get the following error displayed in diags.log:
> WARNING: fail to configure SSL_CTX for OCSP Stapling info for certificate at ecdsa.crt
> Also when I connect via either of the following I get no stapled cert:
> $ openssl s_client -connect localhost:443 -cipher 'ECDHE-ECDSA-AES128-SHA' -status
> CONNECTED(00000003)
> OCSP response: no response sent
> ...
> $ openssl s_client -connect localhost:443 -cipher 'ECDHE-RSA-AES128-SHA' -status
> CONNECTED(00000003)
> OCSP response: no response sent
> ...
> $
> Here are the debug log messages:
> diags.log:[Feb 5 22:44:03.230] Server {0x2afd2845bd80} WARNING: fail to configure SSL_CTX for OCSP Stapling info for certificate at ecdsa.crt
> traffic.out:[Feb 5 22:44:03.230] Server {0x2afd2845bd80} DEBUG: (ssl) ssl ocsp stapling is enabled
> traffic.out:[Feb 5 22:44:41.250] Server {0x2afd2ab89700} DEBUG: (ssl) ssl_callback_ocsp_stapling: fail to get certificate information

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
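
A repeatable form of the manual check in the report, as an added example that is not part of the original issue or of Traffic Server: it classifies `openssl s_client -status` output and probes the ECDSA and RSA certificate paths separately. The function names and the two sample outputs are constructed for illustration; `-tls1_2` is an added assumption so that the `-cipher` choice from the report actually selects the certificate type.

```shell
#!/bin/sh
# Classify `openssl s_client -status` output read from stdin.
# Prints one of: none | good | revoked | unknown | error
staple_status() {
    awk '
        /OCSP response: no response sent/        { r = "none" }
        /OCSP Response Status:/ && !/successful/ { r = "error" }
        /Cert Status: good/                      { if (r == "") r = "good" }
        /Cert Status: revoked/                   { r = "revoked" }
        /Cert Status: unknown/                   { if (r == "") r = "unknown" }
        END { print (r == "" ? "none" : r) }
    '
}

# Probe host:port once per certificate type. Forcing the cipher makes the
# server choose its ECDSA or RSA chain; each chain needs its own staple.
# Returns non-zero if either path lacks a "good" stapled response.
check_both() {
    hostport=$1
    rc=0
    for cipher in ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA; do
        st=$(openssl s_client -connect "$hostport" -cipher "$cipher" \
                 -tls1_2 -status </dev/null 2>/dev/null | staple_status)
        printf '%s %s\n' "$cipher" "$st"
        [ "$st" = good ] || rc=1
    done
    return $rc
}

# Constructed sample: the failing output quoted in the report.
sample_none() {
    printf '%s\n' 'CONNECTED(00000003)' 'OCSP response: no response sent'
}

# Constructed sample: the shape of a successful stapled response.
sample_good() {
    printf '%s\n' 'CONNECTED(00000003)' 'OCSP response: ' \
        '======================================' 'OCSP Response Data:' \
        '    OCSP Response Status: successful (0x0)' \
        '    Response Type: Basic OCSP Response' \
        '    Cert Status: good'
}

# Offline demonstration on the constructed samples.
echo "report output -> $(sample_none | staple_status)"
echo "healthy output -> $(sample_good | staple_status)"
```

Against a live server, `check_both localhost:443` prints one line per cipher and can gate a deployment or monitoring check on its exit status.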