Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-1269

"proxy_ssl_verify on" causes "upstream SSL certificate does not match" error rarely

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 2.3 GA
    • 2.2.1
    • Gateway
    • +
    • Hide
      1. Deploy a self-managed APIcast
      2. Configure proxy_ssl_verify on; in the apicast.d/proxy_ssl.conf
      3. Deploy an API backed like echo-api
      4. Configure an API to use the APIcast
      5. Send requests to the APIcast

      Actual result: APIcast throws upstream SSL certificate does not match error rarely.

      Show
      Deploy a self-managed APIcast Configure proxy_ssl_verify on; in the apicast.d/proxy_ssl.conf Deploy an API backed like echo-api Configure an API to use the APIcast Send requests to the APIcast Actual result: APIcast throws upstream SSL certificate does not match error rarely.

    Description

      When I set proxy_ssl_verify on; in apicast.d/proxy_ssl.conf, I got upstream SSL certificate does not match error rarely.

      Some findings:

      • I could not reproduce this issue when API backend is echo-api.3scale.net.
      • When I got the error, the API backed was echo-api on the same OCP instance.
      • I sent 100 requests by cURL to the gateway and got this error once.

      Attachments

        Activity

          People

            mcichra Michal Cichra (Inactive)
            rhn-support-tkonishi Takayuki Konishi
            Martin Kudlej Martin Kudlej
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: