[GitHub] trafficserver pull request: Explain ATS's interesting default SSL ...

2015-01-29 Thread jacksontj
GitHub user jacksontj reopened a pull request: https://github.com/apache/trafficserver/pull/121 Explain ATS's interesting default SSL cert selection criteria You can merge this pull request into a Git repository by running: $ git pull https://github.com/jacksontj/trafficserver

[GitHub] trafficserver pull request: Explain ATS's interesting default SSL ...

2015-01-29 Thread jacksontj
Github user jacksontj closed the pull request at: https://github.com/apache/trafficserver/pull/121

[GitHub] trafficserver pull request: Explain ATS's interesting default SSL ...

2015-01-27 Thread jacksontj
Github user jacksontj commented on the pull request: https://github.com/apache/trafficserver/pull/121#issuecomment-71760338 After talking with @jpeach it sounds like this isn't the case anymore. I'll verify what it does on master then update this PR.

[GitHub] trafficserver pull request: Explain ATS's interesting default SSL ...

2014-09-25 Thread jacksontj
Github user jacksontj commented on the pull request: https://github.com/apache/trafficserver/pull/121#issuecomment-56850369 Correct, and I'm just trying to say that if you have non-SNI clients it's first match wins (which it says). The second part is that the same functionality i

[GitHub] trafficserver pull request: Explain ATS's interesting default SSL ...

2014-09-25 Thread jpeach
Github user jpeach commented on the pull request: https://github.com/apache/trafficserver/pull/121#issuecomment-56849830 There's no such thing as a fallback; it's probably confusing to think of it in those terms. We index the certificate in order. In the case of name or address collis

[GitHub] trafficserver pull request: Explain ATS's interesting default SSL ...

2014-09-24 Thread jacksontj
Github user jacksontj commented on the pull request: https://github.com/apache/trafficserver/pull/121#issuecomment-56779468 But what happens if there are 2 found for the same IP address? Which one is the fallback? That's all I'm trying to document is that there is an order in wh

[GitHub] trafficserver pull request: Explain ATS's interesting default SSL ...

2014-09-24 Thread jpeach
Github user jpeach commented on the pull request: https://github.com/apache/trafficserver/pull/121#issuecomment-56770923 Each certificate is indexed by the subject CN, all the alternate names and the IP address given in ssl_multicert. When we try to match the client connection, we mat

[GitHub] trafficserver pull request: Explain ATS's interesting default SSL ...

2014-09-24 Thread jacksontj
Github user jacksontj commented on the pull request: https://github.com/apache/trafficserver/pull/121#issuecomment-56770441 Well, this is how it works regardless of how it should work... But you should be able to specify multiple certs for a given IP (for example) so sni cl

[GitHub] trafficserver pull request: Explain ATS's interesting default SSL ...

2014-09-24 Thread jpeach
Github user jpeach commented on the pull request: https://github.com/apache/trafficserver/pull/121#issuecomment-56768823 That's not how it works. In all cases, we should be taking the longest match. If multiple certificates have the same matching specifier we should be issuing a warni

[GitHub] trafficserver pull request: Explain ATS's interesting default SSL ...

2014-09-24 Thread jacksontj
GitHub user jacksontj opened a pull request: https://github.com/apache/trafficserver/pull/121 Explain ATS's interesting default SSL cert selection criteria You can merge this pull request into a Git repository by running: $ git pull https://github.com/jacksontj/trafficserver m