[Date Prev][Date Next]
Re: load balancer with SSL
James Bourne wrote:
On Thu, 19 Oct 2006, Howard Chu wrote:
April 2003 was the date the patch went into HEAD. It may have gone
into a public release at a much later date, I didn't bother to check.
The 2.2.x release series was moved to Historic status quite a while
ago; if you're using something that old you're on your own. Nobody on
the Project cares about what may or may not be true of dead code. You
can compare the CVS logs if you want to know, but if you expect to get
help from this mailing list you should use a current version of the code.
None the less in order to maintain support from the paid for vendor (as
*politically* required) some of us do maintain systems with this and
openldap versions. Unfortunately some of us live in worlds where what we
should do and what we are required to do diverge. Perhaps a mailing list
for historic version support might be an idea?
If you're getting support from a paid-for vendor, then GO GET SUPPORT
FROM YOUR PAID-FOR VENDOR. I presume that's actually what you're paying
At any rate I can say that load balancers with SSL do work even on 2.0.27
(as that is what our current cluster of ldap servers are).
Yes of course, they work perfectly well when you create certificates
that adhere to the published specs. (E.g. RFC 2830, or RFC 4513 which
supersedes that.) The use of subjectAltName was already pointed out in
this discussion multiple times so either the original poster is just
ignoring that advice, or has some other unknown reason to continue
beating this dead horse.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/