trafficserver

9.2: mTLS client key load failure should revert to last known good config

Open mtorluemke opened this issue 3 years ago • 0 comments

These errors were logged after failing to load an mTLS key in ATS 9.2:

ERROR: SSL::139826296874752:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:crypto/x509/x509_cmp.c:303
ERROR: failed to use client private key file from <path>
ERROR: failed to create SSL client session

Then later:

CONNECT: attempt fail [CONNECTION_ERROR] to <ip>:<port> for host=<Host> connection_result=Unknown error 524289 [524289] error=Unknown error 524289 [524289] attempts=<connect_attemps_max_retries> url=<url>

Resulting in 502s sent downstream. Expected behavior is to revert to last known good config, I would think.

mtorluemke, Sep 14 '22 23:09