RE: TLS handshake works with certificate name mismatch using "verify required" and "verifyhost"

2018-07-16 Thread Martin RADEL
4:11 To: Martin RADEL Cc: haproxy@formilux.org; w...@1wt.eu; m...@gandi.net Subject: Re: TLS handshake works with certificate name mismatch using "verify required" and "verifyhost" On Mon, 16 Jul 2018 at 11:57, Martin RADEL <mailto:martin.ra...@rbinternational.com> wrote:

Re: TLS handshake works with certificate name mismatch using "verify required" and "verifyhost"

2018-07-16 Thread Lukas Tribus
On Mon, 16 Jul 2018 at 11:57, Martin RADEL wrote: > > Hi, > > I think we found the issue: > Seems that there was a misunderstanding from us regarding the haproxy > documentation with the "verifyhost" option. > > If I get it right, the documentation says that if we have a haproxy config > that >

RE: TLS handshake works with certificate name mismatch using "verify required" and "verifyhost"

2018-07-16 Thread Martin RADEL
: lu...@ltri.eu [mailto:lu...@ltri.eu] Sent: Samstag, 14. Juli 2018 11:35 To: Martin RADEL Cc: haproxy@formilux.org Subject: Re: TLS handshake works with certificate name mismatch using "verify required" and "verifyhost" Hello Martin, > we have a strange situation with o

RE: TLS handshake works with certificate name mismatch using "verify required" and "verifyhost"

2018-07-16 Thread Martin RADEL
...@encompasscorporation.com<mailto:ig...@encompasscorporation.com> [mailto:ig...@encompasscorporation.com] Sent: Freitag, 13. Juli 2018 03:27 To: Martin RADEL mailto:martin.ra...@rbinternational.com>> Cc: haproxy@formilux.org<mailto:haproxy@formilux.org> Subject: Re: TLS handshake works wit

Re: TLS handshake works with certificate name mismatch using "verify required" and "verifyhost"

2018-07-14 Thread Lukas Tribus
Hello Martin, > we have a strange situation with our HAProxy, running on Version 1.8.8 with > OpenSSL. Please share the output of haproxy -vv. Did you build openssl yourself or is this a distribution provided openssl lib? I am asking because build issues can lead to very strange behavior. >

Re: TLS handshake works with certificate name mismatch using "verify required" and "verifyhost"

2018-07-12 Thread Igor Cicimov
On Fri, Jul 13, 2018 at 11:26 AM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > On Fri, Jul 13, 2018 at 11:08 AM, Igor Cicimov < > ig...@encompasscorporation.com> wrote: > >> Hi Martin, >> >> On Thu, Jul 12, 2018 at 6:55 PM, Martin RADEL < >> martin.ra...@rbinternational.com> wrote: >>

Re: TLS handshake works with certificate name mismatch using "verify required" and "verifyhost"

2018-07-12 Thread Igor Cicimov
On Fri, Jul 13, 2018 at 11:08 AM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > Hi Martin, > > On Thu, Jul 12, 2018 at 6:55 PM, Martin RADEL < > martin.ra...@rbinternational.com> wrote: > >> Hi all, >> >> >> >> we have a strange situation with our HAProxy, running on Version 1.8.8 >>

Re: TLS handshake works with certificate name mismatch using "verify required" and "verifyhost"

2018-07-12 Thread Igor Cicimov
Hi Martin, On Thu, Jul 12, 2018 at 6:55 PM, Martin RADEL < martin.ra...@rbinternational.com> wrote: > Hi all, > > > > we have a strange situation with our HAProxy, running on Version 1.8.8 > with OpenSSL. > > (See the details in the setup listed below - some lines are missing by > intention.