Package: ldirectord Version: 1.0.3-4 When ldirectord does https health checks, they fail because newer LWP versions validate the hostname used against the hostname in the certificate, and ldirectord is almost always configured with IP addresses.
The simple fix for this is here: https://github.com/mcnewton/resource-agents/commit/68fad38326b7c04efd6434e736e32fe395eafe02 I originally came across this problem on Ubuntu 14.04, but the ldirectord version found in sid still creates the LWP object with verify_hostname set, so I'm filing the bug here. If you simply update to the newest upstream release, you'll have the fix, but I want to discuss another idea. Here's a slightly redacted ldirectord config stanza that fails without a change to ldirectord: virtual=192.168.1.10:443 real=10.100.2.103:8443 masq fallback=127.0.0.1:443 masq service=https scheduler=wrr persistent=14400 protocol=tcp checktype=negotiate checkport=8443 request="services/testAlive" receive="alive" virtualhost=services.stg.example.com If LWP offers the capability, what I'd actually like to see is a way to have certificate validation still happen, but only if the configuration says to do it. Here's the same config stanza again with a couple of new lines added: virtual=192.168.1.10:443 real=10.100.2.103:8443 masq fallback=127.0.0.1:443 masq service=https scheduler=wrr persistent=14400 protocol=tcp checktype=negotiate checkport=8443 request="services/testAlive" receive="alive" virtualhost=services.stg.example.com validatecert=true sslhostname=services.stg.example.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org