On Fri, Dec 4, 2015 at 6:15 AM, Dave Zhu (yanbzhu) <[email protected]> wrote:
> Hey Bryan,
> it’s strange that it’s always loading the ECC cert. I just tested the code
> on my end and I’m not seeing this behavior.
>

I see it on OSX, I'll test on Linux today.

> Back to your original problem though, do the certs share a CN or SAN?
> That’s the only way that they would get loaded together into a shared
> context.
>

Yes, the entire DN is identical for the two certs including the CN. There is no SAN on these.

btalbot-lt:haproxy-1.6$ openssl x509 -subject -issuer -noout -pubkey -in var/tls/localhost.pem.rsa
subject= /C=US/ST=CA/L=San Jose/O=iJJi Engineering/OU=Test Certificate/CN=localhost.local
issuer= /C=US/ST=CA/L=San Jose/O=iJJi Engineering/OU=Test Certificate/CN=localhost.local
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfd+4oUNDoF0xAjWfsg0
Ch/SVr6IOzLZPjU1z7OpNMgBbn0AQZ8znc070EJlkLdk8AjSp8EaLktz3vCPcT/J
wAJgc28/7RUIcUpLMEfSVYXyGhBDFJS0rUDM9FKXOkrxGt22e6zlrvarpQTW/05W
NLJq5ZmsvydNEEG55KBouBU/e2PlMOiRHwgOGZU4i+5XnVfvkd90A+TQiC2PhVh3
56cslp8wfcULmJ2dF3EpuiwNSaQZ8YbNWBqO2vZ7FGUwjiLD0atf9ysVJp87trvp
lA57R4TjiOAQpEdcgdiGUjJ2SjPPApS6XZUxjrlazkeL27ZPkezB3pn+NQ7BQQU1
6wIDAQAB
-----END PUBLIC KEY-----

btalbot-lt:haproxy-1.6$ openssl x509 -subject -issuer -noout -pubkey -in var/tls/localhost.pem.ecdsa
subject= /C=US/ST=CA/L=San Jose/O=iJJi Engineering/OU=Test Certificate/CN=localhost.local
issuer= /C=US/ST=CA/L=San Jose/O=iJJi Engineering/OU=Test Certificate/CN=localhost.local
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQFfhz8mRC3sRZp8+hJKBTx1Qz3Mm
FPVD/Wt9giz4E0oH/a8XLnvul0q+RqzW9K7v/IFQtGxxRjgahHlUW7fw/Q==
-----END PUBLIC KEY-----

