Hi all,
Le 28/03/2015 10:24, Lukas Tribus a écrit :
In fact, I am sure its a bug.
I also happen to have the following certs:
*.apps.mycompany.com.au
*.its.apps.mycompany.com.au
If I go to sitea.its.apps.mycompany.com.au, I get the
*.apps.mycompany.com.au certificate
The workaround in the
Le 28/03/2015 10:19, Lukas Tribus a écrit :
Can you tell if the wildcard hostname are in the CN or in the SAN
field of the certificate?
Yes, currently that's the only thing I can see.
Maybe a conflict between several certificates in /etc/haproxy/ssl.
Peter, for each file in can you provide
This should make it work until there's a fix for this.
Currently, using only CN I'm unable to reproduce any issue.
I did my tests here as well, haproxy behavios corretly in all
the scenarios I've tested.
Peter, the traces and informations you have provided off-list
draw a very different
Baptiste bed...@gmail.com wrote:
On Fri, Mar 27, 2015 at 11:04 PM, Michael Bayer
mike...@zzzcomputing.com wrote:
Hi there -
We are evaluating different ways of using the stick match and backup
options in order to achieve certain behaviors for failover, involving a
Galera cluster. For
HA-Proxy version 1.5.11 2015/01/31
Copyright 2000-2015 Willy Tarreau w...@1wt.eu
Build options :
TARGET = linux30
[...]
Available polling systems :
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 2 (2 usable), will use poll.
Also, please
Hi Jason,
Le 27/03/2015 06:29, Jason Harvey a écrit :
I setup a duplicate config on my local workstation (our production one
is quite large and not suitable for sharing in its entirety).
At least can you provide your global/defaults and frontend configuration ?
And also the output of haproxy
In fact, I am sure its a bug.
I also happen to have the following certs:
*.apps.mycompany.com.au
*.its.apps.mycompany.com.au
If I go to sitea.its.apps.mycompany.com.au, I get the
*.apps.mycompany.com.au certificate
The workaround in the meantime is to make sure haproxy
loads
I will capture a wireshark. Do you want this running on my workstation that
doing the testing?
strict-sni seem to help.
Sorry I am not sure what this is. If you can let me know, I can get you the
info.
Can you tell if the wildcard hostname are in the CN or in the SAN field of
the
In fact, I am sure its a bug.
I also happen to have the following certs:
*.apps.mycompany.com.au
*.its.apps.mycompany.com.au
If I go to sitea.its.apps.mycompany.com.au, I get the *.apps.mycompany.com.au
certificate
Where should I log this?
From: Peter BUtler
Sent: Saturday, March 28, 2015
In fact, I am sure its a bug.
I also happen to have the following certs:
*.apps.mycompany.com.au
*.its.apps.mycompany.com.au
If I go to sitea.its.apps.mycompany.com.au, I get the
*.apps.mycompany.com.au certificate
Where should I log this?
Reporting here is enough. I
On Fri, Mar 27, 2015 at 11:04 PM, Michael Bayer
mike...@zzzcomputing.com wrote:
Hi there -
We are evaluating different ways of using the stick match and backup
options in order to achieve certain behaviors for failover, involving a
Galera cluster. For reference, we're picking and choosing
Hi Lukas/Cyril, I am not sure what I did during my test, but I am now unable to
reproduce it, in either test or production server.
I am starting to think this is a bug.
Is anyone able to confirm this works as intended for them?
a.. 2 certificates
b.. *.mycompany.com.au (serving up
I will capture a wireshark. Do you want this running on my workstation that
doing the testing?
Doesn't matter where, as long it captures the complete TCP session (tcpdump
-s0, to avoid truncating the packets) from a ok and from a failed session.
strict-sni seem to help.
Not yet sure why,
13 matches
Mail list logo
