Hi Cyril, On 23 January 2015 at 00:02, Cyril Bonté <[email protected]> wrote: > > Hi Raphaël, > > Le 12/01/2015 17:10, Raphaël Enrici a écrit : >> >> Dear all, >> >> nice to meet you (first post since a very loooong time here). >> >> As far as I understand it, when using the crt option of bind directive with a >> directory as parameter, cert files from the specified directory are loaded... >> Well, good, that's great :) >> >> Today we faced an issue on two hosts working in active/passive mode >> which lead us to some cold sweat... >> >> (...) > > > >> >> It seems to be due to the use of readdir in the function ssl_sock_load_cert() >> located in src/ssl_sock.c. As readdir does not guarantee any order or at >> least >> not an alphabetical or time order, both the instance did not have the same >> answer although the configuration were exactly the same. >> (...) >> >> Or may be the listing of certs could be alphabetically sorted although it may >> break existing deployments and so may not be a good thing at all. > > > I have a small patch ready for this, I think I can send it tomorrow or during > the week-end.
thank you for your answer! Please, feel free to drop me a version of your patch as soon as you find it nice enough, I'll apply it and test it in a dev environment. Bests, Raphaël
