[TS-3329] ATS shouldn't start if SSL is configured and certificate can't be loaded - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.3.0
Component/s: SSL
Labels:
- review

Description

requirement by dcarlin:

It seems ATS will start up even if the certificate file isn't present.

ATS settings in records.config:

CONFIG proxy.config.ssl.server.cert_chain.filename STRING digicert.pem
CONFIG proxy.config.ssl.server.cert.path STRING conf/yts/ssl

ATS settings in ssl_multicert.config:

dest_ip=* ssl_cert_name=ycpi_ssl_cert.pem

What happened was that this volume /home/y/conf/yts/ssl wasn't mounted - so the
SSL cert and chain cert were inaccessible. ATS started anyways just returning
errors on 443. Healthchecks were served on port 80 via HTTP, so it appeared to that the site was OK.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

patch.diff
27/Jan/15 13:39
0.5 kB
kang li

Issue Links

is duplicated by

TS-3376 Missing cert chain file gives no errors or warnings

Closed

is related to

TS-3529 Add a config option to allow ATS to start even if some certificates are bad

Closed

is superceded by

TS-3375 Potential memory leak bug

Closed

relates to

TS-3375 Potential memory leak bug

Closed

TS-3538 ATS Should perform validity checks on certificate prior to serving

Closed

Activity

People

Assignee:: kang li

Reporter:: kang li

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 27/Jan/15 13:30

Updated:: 13/May/15 20:36

Resolved:: 13/Feb/15 21:59