Well, "virtualhost" wouldn't help anything, as it's part of HTTP protocol
and SSL check happens one(half:)) layer below - during the TCP connection
negotiation. At that point only DNS name of the real server does matter and
it's match to the SSL certificate.
With wildcard certificate if you real s
To be precise there is a SNI extension to the SSL protocol, that allows
selection of the virtual host during negotiation, but it still not(?)
widely used. At least, I wouldn't suspect LWP in that :)
http://en.wikipedia.org/wiki/Server_Name_Indication
On Wed, Dec 4, 2013 at 5:13 PM, Filipe Cifali
Yeah the LWP is 6.0.5, but it's working now as intended, probably is
Crypt-SSLeay working then.
But then again, my setup is working now, and I suspect the virtualhost
clause helped, since the SSL I have the same subdomain (*.domain.ext) so
the virtualhost is always valid on my domain.
On Wed, De
Not sure, how all that mix of SSL modules would work together, but if
Crypt-SSLeay-0.64-Pc0dMJ took preference then host checks effectively were
disabled:
NET::HTTPS states in the code:
if ($cnf->{SSL_verifycn_scheme}) {
$@ = "Net::SSL from Crypt-SSLeay can't verify hostnames;
That's were I ended up, but mostly due the use of IPv6. And, using curl for
checks I still need to specify -g to omit host verification for SSL.
With regards,
Timur.
On Wed, Dec 4, 2013 at 2:21 PM, Darren Mansell wrote:
> I just always use an external check for HTTP(S) these days anyway. Much
>
Nice you also use it, Malcolm!
But for the inexperienced user it's kind of frustrating when working
configuration stops working after the upgrade. That's why I'd like this fix
to be in the main source tree :)
I'm afraid, that with the real servers behind VIP validity of the
certificate is almost
I just always use an external check for HTTP(S) these days anyway. Much
more flexibility that way.
On 4 December 2013 11:48, Filipe Cifali wrote:
> For me to make this work on my setup I had to install some Perl Modules, if
> you use Ldirectord -d to debug you will see a internal error on messa
For me to make this work on my setup I had to install some Perl Modules, if
you use Ldirectord -d to debug you will see a internal error on messages
checking SSL
My config that works now:
virtual = :443
real = :443 gate 10
real = :443 gate 10
real = :443 gate 10
We use the same patch at Loadbalancer.org (or something very similar
anyway). Most of our customers specifically do not want use a virtual
host (for a health check) OR care if the SSL cert is valid.
On 4 December 2013 10:05, Timur I. Bakeyev wrote:
> Have you tried it, Dennis? Did you look into
Have you tried it, Dennis? Did you look into the ldirectord code? You know,
how SSL is working?
Regards,
Timur.
On Wed, Dec 4, 2013 at 6:09 AM, Dennis Jacobfeuerborn wrote:
> On 03.12.2013 12:19, Timur I. Bakeyev wrote:
> > Hi guys!
> >
> > I've posted bug report regarding ldirectord, can you
On 03.12.2013 12:19, Timur I. Bakeyev wrote:
> Hi guys!
>
> I've posted bug report regarding ldirectord, can you please review it and
> commit, if possible?
>
> https://github.com/ClusterLabs/resource-agents/issues/361
>
> Ldirectord is using LWP for it's negotiate checks for the HTTP/HTTPS sites.
Hi guys!
I've posted bug report regarding ldirectord, can you please review it and
commit, if possible?
https://github.com/ClusterLabs/resource-agents/issues/361
Ldirectord is using LWP for it's negotiate checks for the HTTP/HTTPS sites.
Since LWP 6.0 by default it verifies the correspondence of
12 matches
Mail list logo
