Re: failover config: servers with same DNS address and TLS, subjectAltName extension

[manu@netbsd.org (Emmanuel Dreyfus)]

Quanah Gibson-Mount <quanah@zimbra.com> wrote:

> As pointed out by Howard multiple times, nearly everything you "couldn't
> find" was actually available online, in the form of published 
> documentation, by the folks who provided the software. 

If you speak about the subjectAltName stuff, there is IMO a huge gap
getween OpenSSL reference documentation and how to actually do it. The
information is there, but there is a lot of required reading if you want
to do something. And there are a lot of mistake to do before getting it
done (cf my first attempt with subjectAltName outside the extension
section)

> The fact that you 
> went to Google *before* going to the sites that actually distribute the
> software and reading their documentation is unfortunately the same thing
> many other people do to.  And then they tend to complain about the lack of
> documentation.

Okay, so that could surprise you, but I actually started by searching
the OpenLDAP doc and FAQ. Then the OpenSSL web site, then Google...

That item is worth an OpenLDAP FAQ entry IMO, even if it's not really an
OpenLDAP problem. How one contribute FAQ entries, BTW? I just add it to
Faq-O-Matic?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org