[TS-3376] Missing cert chain file gives no errors or warnings - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.3.0
Component/s: SSL
Labels:
None

Description

With an ssl_multicert.config of

ATS will start up without any (as far as I could tell) errors, even when the cert chain file is completely missing. It just silently accepts the config, and brings ATS up in a poor state as far as TLS is concerned.

IMO, we should at a minimum write some very serious warnings and errors on this, but maybe even refuse to startup (or reload) the config if the cert chain file is missing. This is serious enough that the server is in a non-functional state if it happens.

Attachments

Issue Links

duplicates

TS-3329 ATS shouldn't start if SSL is configured and certificate can't be loaded

Closed

relates to

TS-3375 Potential memory leak bug

Closed

TS-3389 Breakage of ssl tests from TS-3375

Closed

Activity

People

Assignee:: Susan Hinrichs

Reporter:: Leif Hedstrom

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 07/Feb/15 00:33

Updated:: 03/Aug/15 23:10

Resolved:: 13/Feb/15 21:58