Observed Behavior:
All traffic ceases to flow through ATS with the addition of an improperly crafted SSL wildcard certificate.
Expected Behavior:
ATS should fail to reload config and report an error.
Steps to reproduce:
- Create a self-signed cert and load it as in steps 4-6
- Test using either openssl or curl to note that traffic flows and you get an SSL response with the specified cert.
- Create a wildcard SSL certificate with a CN like
  CN=DNS:*.subdomain.domain.com and SANs like [DNS:*.subdomain.domain.com, DNS:subdomain.domain.com]
- Replace cert and key from steps 1-2 on disk
- Update ssl_multicert.config like
  ssl_cert_name=edge_subdomain_domain_com_cert.cer ssl_key_name=edge.subdomain.domain.com.key
- Perform an ATS config reload
- Use either openssl or curl to try and send traffic
Found in:
trafficserver-7.1.4_rc0
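
A pre-reload name check in the spirit of the expected behavior above, as an added example that is not part of the original report or of ATS itself. It assumes the defect in the reproduction certificate is the SAN-style `DNS:` tag carried into the CN value, and that the CN and SAN strings have already been extracted from the certificate; all function names are hypothetical.

```python
import re

# Constructed sample input, copied from the values shown in this report.
SAMPLE_LINE = ("ssl_cert_name=edge_subdomain_domain_com_cert.cer "
               "ssl_key_name=edge.subdomain.domain.com.key")
CN = "DNS:*.subdomain.domain.com"
SANS = ["DNS:*.subdomain.domain.com", "DNS:subdomain.domain.com"]

# One hostname label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def parse_multicert_line(line):
    """Split one ssl_multicert.config line into its key=value fields."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def lint_dns_name(name):
    """Return the problems found in a CN or dNSName value; empty means OK."""
    problems = []
    if ":" in name:
        problems.append("type tag or ':' inside the name itself")
        name = name.split(":", 1)[1]  # keep checking the remainder
    labels = name.split(".")
    if "*" in name and (labels[0] != "*" or "*" in ".".join(labels[1:])):
        problems.append("wildcard must be the whole leftmost label")
    rest = labels[1:] if labels[0] == "*" else labels
    if len(rest) < 2 or not all(LABEL.match(label) for label in rest):
        problems.append("not a valid multi-label hostname")
    return problems

def lint_cert_names(cn, sans):
    """Map each offending CN/SAN entry to its problems ('DNS:' belongs on SANs only)."""
    report = {}
    cn_problems = lint_dns_name(cn)
    if cn_problems:
        report["CN=" + cn] = cn_problems
    for san in sans:
        kind, _, value = san.partition(":")
        problems = lint_dns_name(value) if kind == "DNS" else ["unsupported or untagged SAN entry"]
        if problems:
            report[san] = problems
    return report

def safe_to_reload(cn, sans):
    """Gate for a deploy script: refuse the config reload if any name is malformed."""
    return not lint_cert_names(cn, sans)
```
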