On Thu, 6 Sep 2012 10:38:11 +0200
Lars Ellenberg <lars.ellenb...@linbit.com> wrote:


> > What puzzles me most is that the nossl directive is ignored.
> > Ignoring the certificate is most probably because the SSL certificate is
> > matched against the address, not against the hostname (which feels
> > somewhat senseless to me).
> 
> I'm not sure what and when, exactly, is matched against the nossl patterns.
> But the config statement is "nossl from-pattern to-pattern",
> and "from" is probably always the node name, not the outgoing IP used.
> So maybe an (additional?)
>   nossl leihnix* 172.31*;
> does that?
> 
> You could add a few -v, or use gdb to find out...

I'll try that next Wednesday; I'm scheduled to do other things at the
moment, but I'll report what happened.

> > Any experience on how to make it work via IP or interface name?
> > If not, Lars' workaround isn't too bad :)
> 
> That is not a workaround at all.
> It is the intended usage.
> 
> Though I admit it may be unclear from the wording in the paper
> ("interfacename").
> If you read the full paper, you'll see it talks about "interface DNS
> name", which is meant to say the *resolvable* name you give the IP on
> that interface.
> 
> Patches to improve the wording in the paper gladly accepted ;-)
> 
> Thanks,
>       Lars
> 
> _______________________________________________
> Csync2 mailing list
> Csync2@lists.linbit.com
> http://lists.linbit.com/mailman/listinfo/csync2
