[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: failover config: servers with same DNS address and TLS, subjectAltName extension

Emmanuel Dreyfus wrote:
Quanah Gibson-Mount <quanah@zimbra.com> wrote:

As pointed out by Howard multiple times, nearly everything you "couldn't
find" was actually available online, in the form of published documentation, by the folks who provided the software.

If you speak about the subjectAltName stuff, there is IMO a huge gap getween OpenSSL reference documentation and how to actually do it. The information is there, but there is a lot of required reading if you want to do something. And there are a lot of mistake to do before getting it done (cf my first attempt with subjectAltName outside the extension section)

Since it is an OpenSSL topic, it would make the most sense for you to submit some suggested doc changes to the OpenSSL team. Though I suspect that in the 7 or so years that OpenLDAP has supported OpenSSL, many people have been confronted with this problem, read the docs, and implemented the solution and moved on to the next thing, without any fuss. As such, the relative ease with which the problem is typically solved doesn't merit a writeup for Google to find.

It may just mean there is a language barrier, something that would better be served by a translation of OpenSSL docs into French.

The fact that you went to Google *before* going to the sites that actually distribute the
software and reading their documentation is unfortunately the same thing
many other people do to. And then they tend to complain about the lack of

Okay, so that could surprise you, but I actually started by searching the OpenLDAP doc and FAQ. Then the OpenSSL web site, then Google...

That item is worth an OpenLDAP FAQ entry IMO, even if it's not really an
OpenLDAP problem. How one contribute FAQ entries, BTW? I just add it to

Yes, anybody can add entries to the FAQ (hasn't that been said enough times already?), and you're welcome to add your corrected writeup there.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/