* Nigel Kersten <nig...@google.com> [091109 22:22]: > > On Sat, Nov 7, 2009 at 8:12 AM, Nigel Kersten <nig...@google.com> wrote: > > On Sat, Nov 7, 2009 at 3:14 AM, Christian Hofstaedtler <ch+...@zeha.at> > > wrote: > >> > >> On Nov 6, 11:32 pm, Nigel Kersten <nig...@google.com> wrote: > >>> [..] > >>> I'm in the middle of testing 2.2.5 now, and hit this problem. > >>> > >>> http://groups.google.com/group/phusion-passenger/browse_thread/thread... > >>> > >>> Once that fix was applied, 0.24.8 and 0.25.1 clients are working > >>> happily for me with an install of the current git 0.25.x branch. > >> > >> So, you're saying, 2.2.5 works fine with current 0.25.x git, with a > >> passenger fix applied but not my puppet patch? > > > > Yes. > > > >> > >> If so, then this "passenger is not working" problem puzzles me > >> completely. Could qualify for a heisenbug. > > I just realized I have this in place... > > ssl_client_header=HTTP_X_SSL_SUBJECT > > could that possibly be changing behavior? > > I also have separate virtual hosts for CA and non-CA servers on > different ports. I haven't fully tested running a 0.25.1 CA under the > above configuration.
It's interesting that it even works. It's supposed to only work with ssl_client_header = SSL_CLIENT_S_DN. Having this configured /wrong/ would lead to clients not getting authorized at all; if your clients work, then it can't be actually "wrong". Are you using an SSL proxy or something else which might change SSL behaviour? Thanks, Christian -- christian hofstaedtler --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
