[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: load balancer with SSL

James Bourne wrote:
On Thu, 19 Oct 2006, Howard Chu wrote:

April 2003 was the date the patch went into HEAD. It may have gone into a public release at a much later date, I didn't bother to check. The 2.2.x release series was moved to Historic status quite a while ago; if you're using something that old you're on your own. Nobody on the Project cares about what may or may not be true of dead code. You can compare the CVS logs if you want to know, but if you expect to get help from this mailing list you should use a current version of the code.

None the less in order to maintain support from the paid for vendor (as
*politically* required) some of us do maintain systems with this and even older
openldap versions. Unfortunately some of us live in worlds where what we
should do and what we are required to do diverge. Perhaps a mailing list
for historic version support might be an idea?

If you're getting support from a paid-for vendor, then GO GET SUPPORT FROM YOUR PAID-FOR VENDOR. I presume that's actually what you're paying them for.

At any rate I can say that load balancers with SSL do work even on 2.0.27
(as that is what our current cluster of ldap servers are).

Yes of course, they work perfectly well when you create certificates that adhere to the published specs. (E.g. RFC 2830, or RFC 4513 which supersedes that.) The use of subjectAltName was already pointed out in this discussion multiple times so either the original poster is just ignoring that advice, or has some other unknown reason to continue beating this dead horse.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/