[Debian-ha-maintainers] Bug#770349: ldirectord: SSL hostname check failure

Kurt Roeckx kurt at roeckx.be
Thu Nov 20 19:22:07 UTC 2014


On Thu, Nov 20, 2014 at 09:43:02AM -0700, Shawn Heisey wrote:
> Package: ldirectord
> Version: 1.0.3-4
> 
> When ldirectord does https health checks, they fail because newer LWP
> versions validate the hostname used against the hostname in the
> certificate, and ldirectord is almost always configured with IP addresses.
> 
> The simple fix for this is here:
> 
> https://github.com/mcnewton/resource-agents/commit/68fad38326b7c04efd6434e736e32fe395eafe02

This fix is just plain wrong and you might as well stop using
HTTPS in that case.  Please fix the certificate instead.  It can
contain IP addresses just as well as hostnames.  It's recommended
to use the SubjectAltName, but you can put it in the CN too.


Kurt
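
The following is an added example, not part of Kurt's message or of the ldirectord package: it issues a certificate whose SubjectAltName carries the IP address the health check connects to, so hostname verification can stay enabled. It assumes OpenSSL 1.1.1 or later (for `-addext`); the function names, the CN and the addresses (RFC 5737 documentation range) are constructed for illustration.

```shell
#!/bin/sh
# Added example: certificate valid for an IP address via SubjectAltName.
# Function names, CN and addresses are hypothetical sample values.

# make_ip_cert DIR IP
# Writes DIR/key.pem and DIR/cert.pem, a self-signed certificate whose
# SubjectAltName contains an IP entry for IP.
make_ip_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=realserver.example" \
        -addext "subjectAltName = IP:$2" 2>/dev/null
}

# cert_matches_ip CERT IP
# Succeeds only if OpenSSL's own IP check accepts CERT for IP.
# The check prints "does match" or "does NOT match", so match on the text.
cert_matches_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>&1 |
        grep -q "does match certificate"
}

# Demonstration with constructed input: one address the certificate was
# issued for and one it was not.
dir=$(mktemp -d)
make_ip_cert "$dir" 192.0.2.10
for ip in 192.0.2.10 192.0.2.11; do
    if cert_matches_ip "$dir/cert.pem" "$ip"; then
        echo "$ip: certificate matches, verification can stay enabled"
    else
        echo "$ip: no match, a verifying client rejects this certificate"
    fi
done
rm -rf "$dir"
```

In production the certificate would be signed by a CA the checking host trusts rather than self-signed; the SubjectAltName entry is the same either way.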


