trafficserver-users mailing list archives

From Jeremy Payne <jp557...@gmail.com>
Subject Origin SNI Value
Date Tue, 17 Jan 2017 21:56:17 GMT
Hello,

I currently have ATS configured to support a pristine host header.

   proxy.config.url_remap.pristine_host_hdr 1

I also have ATS configured to verify the origin server certificate.

   proxy.config.ssl.client.verify.server 1

My remap looks like this.

   map https://edge.abc.com/ https://origin.xyz.com/


Because pristine is enabled, when ATS sends a request back to the origin,
it uses a SNI value of:

     edge.abc.com

However, the origin returns a certificate that does not match the SNI.

Because the requested SNI and the returned CN/SAN do not match, coupled
with verify.server enabled, ATS terminates the origin session and sends a
502 back to the client.

Is there another control or configuration that allows me to define which
SNI value to send back to the origin?
I need to keep pristine enabled and I need verify.server enabled.

Thanks in advance.
