Details
Description
Weird behavior of ssl.server.cert.path & ssl.server.private_key.path
Test config1:
records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING /usr/local/etc/ats-cert
> CONFIG proxy.config.ssl.server.private_key.filename STRING cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING /usr/local/etc/ats-cert
ssl_multicert.config:
> dest_ip=172.16.192.168 ssl_cert_name=cert2.pem ssl_key_name=cert2.key
traffic.out:
> ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/usr/local/etc/ats-certcert2.pem','r')
My observation:
> Trailing slash of ssl.server.cert.path not automatic added?
Test config2:
records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING /usr/local/etc/ats-cert/
> CONFIG proxy.config.ssl.server.private_key.filename STRING cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING /usr/local/etc/ats-cert/
ssl_multicert.config:
> dest_ip=172.16.192.168 ssl_cert_name=cert2.pem ssl_key_name=cert2.key
traffic.out:
> ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/usr/local/etc/ats-certcert2.pem','r')
My observation:
> Trailing slash of ssl.server.cert.path trimmed.
Test config3:
records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING /usr/local/etc/ats-cert
> CONFIG proxy.config.ssl.server.private_key.filename STRING cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING /usr/local/etc/ats-cert
ssl_multicert.config:
> dest_ip=210.71.204.149 ssl_cert_name=/cert2.pem ssl_key_name=cert2.key
traffic.out:
> ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('cert2.key','r')
My observation:
> ssl.server.private_key.path config value not effective?
Test config4:
records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING /usr/local/etc/ats-cert/cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING NULL
> CONFIG proxy.config.ssl.server.private_key.filename STRING /usr/local/etc/ats-cert/cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING NULL
ssl_multicert.config:
> dest_ip=210.71.204.149 ssl_cert_name=/usr/local/etc/ats-cert/cert2.pem ssl_key_name=/usr/local/etc/ats-cert/cert2.key
traffic.out:
> ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/usr/local/usr/local/etc/ats-cert/cert2.pem','r')
My observation:
> prefix added before ssl_cert_name while ssl.server.cert.path not set
Test config5:
records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING /usr/local/etc/ats-cert/cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING NULL
> CONFIG proxy.config.ssl.server.private_key.filename STRING /usr/local/etc/ats-cert/cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING NULL
ssl_multicert.config:
> dest_ip=210.71.204.149 ssl_cert_name=/etc/ats-cert/cert2.pem ssl_key_name=/etc/ats-cert/cert2.key
traffic.out:
> ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/etc/ats-cert/cert2.key','r')
My observation:
> prefix NOT added before ssl_key_name while ssl.server.private_key.path not set
Worked config:
records.config:
> CONFIG proxy.config.ssl.server.cert.filename STRING cert1.pem
> CONFIG proxy.config.ssl.server.cert.path STRING /usr/local/etc/ats-cert
> CONFIG proxy.config.ssl.server.private_key.filename STRING cert1.key
> CONFIG proxy.config.ssl.server.private_key.path STRING /usr/local/etc/ats-cert
ssl_multicert.config:
> dest_ip=210.71.204.149 ssl_cert_name=/cert2.pem ssl_key_name=/usr/local/etc/ats-cert
It seems ssl.server.cert.path has different (and weird) behavior with ssl.server.private_key.path.