Hi HAProxy users list, I am running HAProxy version 1.5.12-1 on Ubuntu Precise Pangolin (12.04). I have confirmed that it was compiled with OpenSSL support built in.
I have configured an SSL backend thusly: bind 0.0.0.0:443 ssl crt /etc/ssl/private/secondmarket.com.pem ca-file /etc/ssl/private/secondmarket.ca.pem ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 launching haproxy under strace provides no indication that it made an attempt to read the ca-file (although you can clearly see it loading the crt file). strace output is here: http://pastebin.com/RDgAug7E Does anyone know why the ca-file directive is being ignored? Shall I upgrade? Thanks in advance for any adive anyone can proffer. Joseph Hammerman -- ------------------------------------------------------------------------------ This message is intended only for the addressee. Please notify sender by e-mail if you are not the intended recipient. If you are not the intended recipient, you may not copy, disclose, or distribute this message or its contents, in either excerpts or in its entirety, to any other person and any such actions may be unlawful. SecondMarket Solutions, Inc. and it subsidiaries ("SecondMarket") is not responsible for any unauthorized redistribution. Securities-related services of SecondMarket are provided through SMTX, LLC (“SMTX”), a wholly owned subsidiary of SecondMarket and a registered broker dealer and member of FINRA/SIPC. SMTX does not accept time sensitive, action-oriented messages or transaction orders, including orders to purchase or sell securities, via e-mail. SMTX reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the SMTX e-mail system and archived in accordance with FINRA and SEC rules and regulations. This message is intended for those with an in-depth understanding of the high risk and illiquid nature of private securities and these assets may not be suitable for you. This message does not represent a solicitation for an order or an offer to buy or sell any security. There is not enough information contained in this message with which to make an investment decision and any information contained herein should not be used as a basis for this purpose. SMTX does not produce in-house research, make recommendations to purchase or sell specific securities, provide investment advisory services, or conduct a general retail business.
