TLS connection failure without dest_ip=* in ssl_multicert.config #4160

@masaori335

Description

@randall found that the latest ATS master branch requires dest_ip in ssl_multicert.config. dest_ip is an option; ATS should work without it. I tried some tests and found that ssl_callback_info got an error.

client

$ ~/opt/openssl/bin/openssl s_client -connect 127.0.0.1:4443
CONNECTED(00000005)
140736171307904:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1528:SSL alert number 40

debug logs

with dest_ip=*

[Aug 24 11:37:37.003] {0xb000c000} DEBUG: <SSLUtils.cc:454 (ssl_servername_only_callback)> (ssl) Requested servername is 127.0.0.1
[Aug 24 11:37:37.003] {0xb000c000} DEBUG: <SNIActionPerformer.cc:46 (PerformAction)> (ssl_sni) 127.0.0.1 not available in the map
[Aug 24 11:37:37.003] {0xb000c000} DEBUG: <SSLNetVConnection.cc:1558 (callHooks)> (ssl) callHooks sslHandshakeHookState=2
[Aug 24 11:37:37.003] {0xb000c000} DEBUG: <SSLNetVConnection.cc:1630 (callHooks)> (ssl) callHooks iterated to curHook=0x0
[Aug 24 11:37:37.003] {0xb000c000} DEBUG: <SSLUtils.cc:333 (set_context_cert)> (ssl) set_context_cert ssl=0x2825200 server=127.0.0.1 handshake_complete=0
[Aug 24 11:37:37.003] {0xb000c000} DEBUG: <SSLUtils.cc:387 (set_context_cert)> (ssl) ssl_cert_callback using SSL context 0x4815400 for requested name '127.0.0.1'
[Aug 24 11:37:37.003] {0xb000c000} DEBUG: <SSLNetVConnection.cc:1558 (callHooks)> (ssl) callHooks sslHandshakeHookState=3
[Aug 24 11:37:37.003] {0xb000c000} DEBUG: <SSLNetVConnection.cc:1630 (callHooks)> (ssl) callHooks iterated to curHook=0x0
[Aug 24 11:37:37.003] {0xb000c000} DEBUG: <SSLUtils.cc:1510 (ssl_callback_info)> (ssl) ssl_callback_info ssl: 0x2825200 where: 8193 ret: 1 State: SSLv3/TLS read client hello

without dest_ip=*

[Aug 24 11:36:05.335] {0xb000c000} DEBUG: <SSLUtils.cc:454 (ssl_servername_only_callback)> (ssl) Requested servername is 127.0.0.1
[Aug 24 11:36:05.335] {0xb000c000} DEBUG: <SNIActionPerformer.cc:46 (PerformAction)> (ssl_sni) 127.0.0.1 not available in the map
[Aug 24 11:36:05.335] {0xb000c000} DEBUG: <SSLNetVConnection.cc:1558 (callHooks)> (ssl) callHooks sslHandshakeHookState=2
[Aug 24 11:36:05.335] {0xb000c000} DEBUG: <SSLNetVConnection.cc:1630 (callHooks)> (ssl) callHooks iterated to curHook=0x0
[Aug 24 11:36:05.336] {0xb000c000} DEBUG: <SSLUtils.cc:333 (set_context_cert)> (ssl) set_context_cert ssl=0x1012000 server=127.0.0.1 handshake_complete=0
[Aug 24 11:36:05.336] {0xb000c000} DEBUG: <SSLUtils.cc:387 (set_context_cert)> (ssl) ssl_cert_callback using SSL context 0x2001c00 for requested name '127.0.0.1'
[Aug 24 11:36:05.336] {0xb000c000} DEBUG: <SSLNetVConnection.cc:1558 (callHooks)> (ssl) callHooks sslHandshakeHookState=3
[Aug 24 11:36:05.336] {0xb000c000} DEBUG: <SSLNetVConnection.cc:1630 (callHooks)> (ssl) callHooks iterated to curHook=0x0
[Aug 24 11:36:05.336] {0xb000c000} DEBUG: <SSLUtils.cc:1510 (ssl_callback_info)> (ssl) ssl_callback_info ssl: 0x1012000 where: 16392 ret: 552 State: error
[Aug 24 11:36:05.336] {0xb000c000} DEBUG: <SSLUtils.cc:2334 (SSLAccept)> (ssl.error.accept) SSL accept returned -1, ssl_error=1, ERR_get_error=337092801 (error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher)
[Aug 24 11:36:05.336] {0xb000c000} DEBUG: <SSLNetVConnection.cc:1168 (sslServerHandShakeEvent)> (ssl-diag) SSL::2952839168:error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl
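The numbers in the failing trace are OpenSSL encodings that can be decoded mechanically, which makes triage of this kind of report faster than reading raw lines. In ssl_callback_info, `where` is the SSL_CTX_set_info_callback flag word and `ret` is its argument: 8193 is 0x2001 (SSL_ST_ACCEPT | SSL_CB_LOOP, the accept state machine advancing), while 16392 is 0x4008 (SSL_CB_ALERT | SSL_CB_WRITE, an alert being sent) with ret 552 = 0x228, i.e. alert level 2 (fatal), description 40 (handshake_failure), which is exactly the "SSL alert number 40" the s_client side printed. ERR_get_error=337092801 is 0x1417A0C1, whose packed fields are library 20 (ERR_LIB_SSL) and reason 193 (SSL_R_NO_SHARED_CIPHER), matching the "no shared cipher" text. The script below is an added example written for this issue, not ATS code: it parses the `(ssl)` debug-log format shown above, groups lines by SSL handle, decodes those values, and reports per handshake whether the accept progressed or failed. The sample input is taken from the two traces in the report; attributing the pointer-less SSLAccept line to the last handle seen on the same thread is a heuristic of this script, not something ATS guarantees.

```python
"""Triage Apache Traffic Server 'ssl' debug logs for failed TLS accepts.

Added example for this issue; not ATS code. It parses the format shown in
the report: "[date] {thread} DEBUG: <file:line (func)> (tag) message".
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: the relevant lines of the two traces in the report.
SAMPLE_OK = [
    "[Aug 24 11:37:37.003] {0xb000c000} DEBUG: <SSLUtils.cc:333 (set_context_cert)> (ssl) set_context_cert ssl=0x2825200 server=127.0.0.1 handshake_complete=0",
    "[Aug 24 11:37:37.003] {0xb000c000} DEBUG: <SSLUtils.cc:387 (set_context_cert)> (ssl) ssl_cert_callback using SSL context 0x4815400 for requested name '127.0.0.1'",
    "[Aug 24 11:37:37.003] {0xb000c000} DEBUG: <SSLUtils.cc:1510 (ssl_callback_info)> (ssl) ssl_callback_info ssl: 0x2825200 where: 8193 ret: 1 State: SSLv3/TLS read client hello",
]
SAMPLE_FAIL = [
    "[Aug 24 11:36:05.336] {0xb000c000} DEBUG: <SSLUtils.cc:333 (set_context_cert)> (ssl) set_context_cert ssl=0x1012000 server=127.0.0.1 handshake_complete=0",
    "[Aug 24 11:36:05.336] {0xb000c000} DEBUG: <SSLUtils.cc:387 (set_context_cert)> (ssl) ssl_cert_callback using SSL context 0x2001c00 for requested name '127.0.0.1'",
    "[Aug 24 11:36:05.336] {0xb000c000} DEBUG: <SSLUtils.cc:1510 (ssl_callback_info)> (ssl) ssl_callback_info ssl: 0x1012000 where: 16392 ret: 552 State: error",
    "[Aug 24 11:36:05.336] {0xb000c000} DEBUG: <SSLUtils.cc:2334 (SSLAccept)> (ssl.error.accept) SSL accept returned -1, ssl_error=1, ERR_get_error=337092801 (error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher)",
]

# Info-callback flag bits from <openssl/ssl.h> (OpenSSL 1.1.x values).
SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE = 0x01, 0x02, 0x04, 0x08
SSL_CB_ALERT, SSL_ST_CONNECT, SSL_ST_ACCEPT = 0x4000, 0x1000, 0x2000
ERR_LIB_SSL = 20                # ERR_get_error() library field for libssl
SSL_R_NO_SHARED_CIPHER = 193    # reason field seen in this report
ALERT_NAMES = {0: "close_notify", 40: "handshake_failure", 70: "protocol_version", 80: "internal_error"}

LINE_RE = re.compile(r"\{(?P<thread>0x[0-9a-f]+)\} DEBUG: <[^>]*\((?P<func>[^)]+)\)> \((?P<tag>[^)]+)\) (?P<msg>.*)$")
CERT_RE = re.compile(r"set_context_cert ssl=(0x[0-9a-f]+) server=(\S+)")
CTX_RE = re.compile(r"using SSL context (0x[0-9a-f]+)")
INFO_RE = re.compile(r"ssl_callback_info ssl: (0x[0-9a-f]+) where: (\d+) ret: (\d+) State: (.*)")
ACCEPT_RE = re.compile(r"SSL accept returned (-?\d+), ssl_error=(\d+), ERR_get_error=(\d+) \(([^)]*)\)")


def decode_openssl_error(code: int):
    """Split a packed ERR_get_error() value into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def describe_where(where: int, ret: int) -> str:
    """Render an info-callback (where, ret) pair as SSL_CTX_set_info_callback documents it."""
    if where & SSL_CB_ALERT:
        direction = "sent" if where & SSL_CB_WRITE else "received"
        level, desc = ret >> 8, ret & 0xFF          # ret packs alert level and description
        level_name = {1: "warning", 2: "fatal"}.get(level, str(level))
        return f"alert {direction}: {level_name} {ALERT_NAMES.get(desc, 'alert')} ({desc})"
    side = "accept" if where & SSL_ST_ACCEPT else "connect" if where & SSL_ST_CONNECT else "other"
    if where & SSL_CB_LOOP:
        return f"{side} loop"
    if where & SSL_CB_EXIT:
        return f"{side} exit ret={ret}"
    return f"where=0x{where:x} ret={ret}"


@dataclass
class Handshake:
    ssl: str
    thread: str
    server_name: Optional[str] = None
    context: Optional[str] = None
    events: list = field(default_factory=list)      # (decoded where/ret, State text)
    accept_error: Optional[dict] = None

    def verdict(self) -> str:
        if self.accept_error is None:
            return f"{self.ssl} ({self.server_name}): handshake progressing, context {self.context}"
        e = self.accept_error
        lib = "SSL" if e["lib"] == ERR_LIB_SSL else f"lib{e['lib']}"
        alerts = [ev for ev, _ in self.events if ev.startswith("alert")]
        return (f"{self.ssl} ({self.server_name}): accept failed, {lib} reason {e['reason']} "
                f"'{e['text'].rsplit(':', 1)[-1]}'; {'; '.join(alerts) or 'no alert recorded'}")


def triage(lines):
    """Group debug lines by SSL handle and decode handshake outcome for each."""
    handshakes, current = {}, {}   # current: thread -> last SSL handle seen on it (heuristic)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        thread, msg = m["thread"], m["msg"]
        if c := CERT_RE.search(msg):
            hs = handshakes.setdefault(c[1], Handshake(ssl=c[1], thread=thread))
            hs.server_name, current[thread] = c[2], c[1]
        elif (c := CTX_RE.search(msg)) and thread in current:
            handshakes[current[thread]].context = c[1]
        elif c := INFO_RE.search(msg):
            hs = handshakes.setdefault(c[1], Handshake(ssl=c[1], thread=thread))
            current[thread] = c[1]
            hs.events.append((describe_where(int(c[2]), int(c[3])), c[4]))
        elif (c := ACCEPT_RE.search(msg)) and thread in current:
            lib, func, reason = decode_openssl_error(int(c[3]))
            handshakes[current[thread]].accept_error = {
                "ret": int(c[1]), "ssl_error": int(c[2]), "lib": lib, "func": func,
                "reason": reason, "text": c[4]}
    return handshakes


if __name__ == "__main__":
    for hs in list(triage(SAMPLE_OK).values()) + list(triage(SAMPLE_FAIL).values()):
        print(hs.verdict())
```

Run against a real `traffic.out` with `ssl` and `ssl.error.accept` debug tags enabled, a handshake that selected a context and then sent a fatal handshake_failure with reason 193 is the signature of the failure in this report; a handshake that never reaches set_context_cert points somewhere else.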
