Re: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-28 Thread Cyril Bonté
Hi all, On 28/03/2015 10:24, Lukas Tribus wrote: In fact, I am sure it's a bug. I also happen to have the following certs: *.apps.mycompany.com.au *.its.apps.mycompany.com.au If I go to sitea.its.apps.mycompany.com.au, I get the *.apps.mycompany.com.au certificate The workaround in the

Re: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-28 Thread Cyril Bonté
On 28/03/2015 10:19, Lukas Tribus wrote: Can you tell if the wildcard hostnames are in the CN or in the SAN field of the certificate? Yes, currently that's the only thing I can see. Maybe a conflict between several certificates in /etc/haproxy/ssl. Peter, for each file in can you provide

RE: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-28 Thread Lukas Tribus
This should make it work until there's a fix for this. Currently, using only CN I'm unable to reproduce any issue. I did my tests here as well, haproxy behaves correctly in all the scenarios I've tested. Peter, the traces and information you have provided off-list draw a very different

RE: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-28 Thread Lukas Tribus
HA-Proxy version 1.5.11 2015/01/31 Copyright 2000-2015 Willy Tarreau w...@1wt.eu   Build options :    TARGET  = linux30 [...] Available polling systems :     poll : pref=200,  test result OK   select : pref=150,  test result OK Total: 2 (2 usable), will use poll. Also, please

RE: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-28 Thread Lukas Tribus
In fact, I am sure it's a bug. I also happen to have the following certs: *.apps.mycompany.com.au *.its.apps.mycompany.com.au If I go to sitea.its.apps.mycompany.com.au, I get the *.apps.mycompany.com.au certificate The workaround in the meantime is to make sure haproxy loads

Re: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-28 Thread Peter BUtler
I will capture a wireshark. Do you want this running on my workstation that's doing the testing? strict-sni seems to help. Sorry I am not sure what this is. If you can let me know, I can get you the info. Can you tell if the wildcard hostnames are in the CN or in the SAN field of the

Re: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-28 Thread Peter BUtler
In fact, I am sure it's a bug. I also happen to have the following certs: *.apps.mycompany.com.au *.its.apps.mycompany.com.au If I go to sitea.its.apps.mycompany.com.au, I get the *.apps.mycompany.com.au certificate Where should I log this? From: Peter BUtler Sent: Saturday, March 28, 2015

RE: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-28 Thread Lukas Tribus
In fact, I am sure it's a bug. I also happen to have the following certs: *.apps.mycompany.com.au *.its.apps.mycompany.com.au If I go to sitea.its.apps.mycompany.com.au, I get the *.apps.mycompany.com.au certificate Where should I log this? Reporting here is enough. I

Re: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-28 Thread Peter BUtler
Hi Lukas/Cyril, I am not sure what I did during my test, but I am now unable to reproduce it, in either test or production server. I am starting to think this is a bug. Is anyone able to confirm this works as intended for them? a.. 2 certificates b.. *.mycompany.com.au (serving up

RE: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-28 Thread Lukas Tribus
I will capture a wireshark. Do you want this running on my workstation that's doing the testing? Doesn't matter where, as long as it captures the complete TCP session (tcpdump -s0, to avoid truncating the packets) from an OK and from a failed session. strict-sni seems to help. Not yet sure why,

Re: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-26 Thread Peter BUtler
thanks Lukas, I have this working now (at least on my test server). fyi, 1.5.8 didn't work with either method. 1.5.11 worked with both methods. thanks for your help. -Original Message- From: Lukas Tribus Sent: Sunday, March 22, 2015 9:27 PM To: Peter BUtler ; haproxy@formilux.org

Re: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-26 Thread Cyril Bonté
Hi all, On 26/03/2015 22:52, Peter BUtler wrote: thanks Lukas, I have this working now (at least on my test server). fyi, 1.5.8 didn't work with either method. 1.5.11 worked with both methods. Good news! This was precisely a patch I provided to sort the certificates by filename. And

Re: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-23 Thread Ha Quan Le
Thank you for support, we have fixed our issues. Ha. - Original Message - From: Lukas Tribus luky...@hotmail.com To: Peter BUtler peter_butler1...@outlook.com, haproxy@formilux.org Sent: Sunday, March 22, 2015 6:27:15 AM Subject: RE: HAProxy with multiple certificates, one of which

Re: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-23 Thread Ha Quan Le
Thank you for support, we have fixed our issues. Ha. - Original Message - From: Peter BUtler peter_butler1...@outlook.com To: haproxy@formilux.org Sent: Sunday, March 22, 2015 1:15:07 AM Subject: Re: HAProxy with multiple certificates, one of which being wild card, and the other

RE: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-22 Thread Lukas Tribus
I have tried this change already, by renaming them alphabetically. Didn't make any difference. It won't in 1.5.8. Only 1.5.11 respects alphabetical ordering of the certificates in a folder. Please specify them manually: crt /etc/haproxy/ssl/wildcard.mycompany.com.au.crt crt

Re: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-21 Thread Peter BUtler
forgot to CC the mailing list. thanks Cyril. Date: Fri, 20 Mar 2015 00:47:53 +0100 From: cyril.bo...@free.fr To: peter_butler1...@outlook.com; haproxy@formilux.org Subject: Re: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-19 Thread Peter Butler
I logged this on stackoverflow (http://stackoverflow.com/questions/29133477/haproxy-with-multiple-certificates-one-of-which-being-wild-card-and-the-other), but HAProxy usage there is pretty low. This is my first mailing list email in years, please let me know if I have broken any rules.

Re: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

2015-03-19 Thread Cyril Bonté
Hi Peter, On 20/03/2015 00:32, Peter Butler wrote: I logged this on stackoverflow (http://stackoverflow.com/questions/29133477/haproxy-with-multiple-certificates-one-of-which-being-wild-card-and-the-other), but HAProxy usage there is pretty low. This is my first mailing list email in