[Date Prev][Date Next]
Re: failover config: servers with same DNS address and TLS, subjectAltName extension
Emmanuel Dreyfus wrote:
Quanah Gibson-Mount <email@example.com> wrote:
As pointed out by Howard multiple times, nearly everything you "couldn't
find" was actually available online, in the form of published
documentation, by the folks who provided the software.
If you speak about the subjectAltName stuff, there is IMO a huge gap
getween OpenSSL reference documentation and how to actually do it. The
information is there, but there is a lot of required reading if you want
to do something. And there are a lot of mistake to do before getting it
done (cf my first attempt with subjectAltName outside the extension
Since it is an OpenSSL topic, it would make the most sense for you to submit
some suggested doc changes to the OpenSSL team. Though I suspect that in the 7
or so years that OpenLDAP has supported OpenSSL, many people have been
confronted with this problem, read the docs, and implemented the solution and
moved on to the next thing, without any fuss. As such, the relative ease with
which the problem is typically solved doesn't merit a writeup for Google to find.
It may just mean there is a language barrier, something that would better be
served by a translation of OpenSSL docs into French.
The fact that you
went to Google *before* going to the sites that actually distribute the
software and reading their documentation is unfortunately the same thing
many other people do to. And then they tend to complain about the lack of
Okay, so that could surprise you, but I actually started by searching
the OpenLDAP doc and FAQ. Then the OpenSSL web site, then Google...
That item is worth an OpenLDAP FAQ entry IMO, even if it's not really an
OpenLDAP problem. How one contribute FAQ entries, BTW? I just add it to
Yes, anybody can add entries to the FAQ (hasn't that been said enough times
already?), and you're welcome to add your corrected writeup there.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/