[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: load balancer with SSL

To: James Bourne <jbourne@mtroyal.ca>
Subject: Re: load balancer with SSL
From: Howard Chu <hyc@symas.com>
Date: Thu, 19 Oct 2006 10:49:02 -0700
Cc: Jeremiah Martell <inlovewithgod@gmail.com>, OpenLDAP Software List <OpenLDAP-software@openldap.org>, Dieter Kluenter <dieter@dkluenter.de>
In-reply-to: <Pine.LNX.4.64.0610191016550.7705@skuld.mtroyal.ca>
References: <233eb300604240755n531cf8e2vbca23c8e476a2938@mail.gmail.com> <1146083365.6026.9.camel@zephyr.internal.amnh.org> <233eb300604270446m4c1a2c12hb1fefbafe41e3cdb@mail.gmail.com> <233eb300606090658i1f5fa8bfx940f6f3d185aadbf@mail.gmail.com> <1149866630.28931.7.camel@localhost> <4489BFBC.2020009@symas.com> <233eb300610180942h1341837bjb2d3386389ffd229@mail.gmail.com> <87zmbt5wfd.fsf@rubin.l4b.de> <233eb300610181113r3052e175m6cf08ad5db462af1@mail.gmail.com> <87mz7t5npf.fsf@rubin.l4b.de> <233eb300610190654o6bbb005cs159fef079ece5fd6@mail.gmail.com> <45379F53.7070107@symas.com> <Pine.LNX.4.64.0610191016550.7705@skuld.mtroyal.ca>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060911 Netscape/7.2 (ax) Firefox/1.5 SeaMonkey/1.5a

James Bourne wrote:

On Thu, 19 Oct 2006, Howard Chu wrote:
April 2003 was the date the patch went into HEAD. It may have gone into a public release at a much later date, I didn't bother to check. The 2.2.x release series was moved to Historic status quite a while ago; if you're using something that old you're on your own. Nobody on the Project cares about what may or may not be true of dead code. You can compare the CVS logs if you want to know, but if you expect to get help from this mailing list you should use a current version of the code.
None the less in order to maintain support from the paid for vendor (as *politically* required) some of us do maintain systems with this and even older openldap versions. Unfortunately some of us live in worlds where what we should do and what we are required to do diverge. Perhaps a mailing list for historic version support might be an idea?

If you're getting support from a paid-for vendor, then GO GET SUPPORT FROM YOUR PAID-FOR VENDOR. I presume that's actually what you're paying them for.

At any rate I can say that load balancers with SSL do work even on 2.0.27
(as that is what our current cluster of ldap servers are).

Yes of course, they work perfectly well when you create certificates that adhere to the published specs. (E.g. RFC 2830, or RFC 4513 which supersedes that.) The use of subjectAltName was already pointed out in this discussion multiple times so either the original poster is just ignoring that advice, or has some other unknown reason to continue beating this dead horse.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/

Follow-Ups:
- Re: load balancer with SSL
  - From: James Bourne <jbourne@mtroyal.ca>

References:
- Re: load balancer with SSL
  - From: "Jeremiah Martell" <inlovewithgod@gmail.com>
- Re: load balancer with SSL
  - From: "Dieter Kluenter" <dieter@dkluenter.de>
- Re: load balancer with SSL
  - From: "Jeremiah Martell" <inlovewithgod@gmail.com>
- Re: load balancer with SSL
  - From: Howard Chu <hyc@symas.com>
- Re: load balancer with SSL
  - From: James Bourne <jbourne@mtroyal.ca>

Prev by Date: historic list (Was: load balancer with SSL)
Next by Date: Re: load balancer with SSL
Index(es):
- Chronological
- Thread