Hi.
Am 21-04-2017 11:02, schrieb Sander Hoentjen:
[snipp]
Well, in essence certificate "weights" is what I implemented in the
patch, with the config order determining the weight. While unfortunate
for me, I can understand your reasoning. I do still think my approach
offers more flexibility.
On 04/21/2017 07:27 AM, Willy Tarreau wrote:
> On Thu, Apr 20, 2017 at 11:33:17PM +0200, Lukas Tribus wrote:
>> Hello,
>>
>>
>> Am 20.04.2017 um 15:05 schrieb Sander Hoentjen:
>>> A new patch, that puts the order like this:
>>> config:
>>> crt A crt B
>>>
>>> [...]
>>> If A contains wildcard, and
On Thu, Apr 20, 2017 at 11:33:17PM +0200, Lukas Tribus wrote:
> Hello,
>
>
> Am 20.04.2017 um 15:05 schrieb Sander Hoentjen:
> > A new patch, that puts the order like this:
> > config:
> > crt A crt B
> >
> > [...]
> > If A contains wildcard, and B contains exact match, then wildcard is used.
>
Hello,
Am 20.04.2017 um 15:05 schrieb Sander Hoentjen:
A new patch, that puts the order like this:
config:
crt A crt B
[...]
If A contains wildcard, and B contains exact match, then wildcard is used.
This last one is different behavior from what is implemented now.
People rely on the
Now with patch attached, thanks Fred :)
On 04/20/2017 03:05 PM, Sander Hoentjen wrote:
> A new patch, that puts the order like this:
> config:
> crt A crt B
>
> if A contains wildcard, but not exact match, then wildcard is used.
> if A contains exact match, exact match is used.
> (this also means
A new patch, that puts the order like this:
config:
crt A crt B
if A contains wildcard, but not exact match, then wildcard is used.
if A contains exact match, exact match is used.
(this also means that if A contains both wildcard and exact match, exact
match is used.)
If A contains wildcard, and
On 04/18/2017 11:52 AM, Willy Tarreau wrote:
> Hi Daniel,
>
> On Tue, Apr 18, 2017 at 11:25:43AM +0200, Daniel Schneller wrote:
>> Hi!
>>
>> Not being very familiar with the code, so I thought I'd ask before something
>> changes unexpectedly :)
>> I asked about certificate ordering a while ago,
Hi Daniel,
On Tue, Apr 18, 2017 at 11:25:43AM +0200, Daniel Schneller wrote:
> Hi!
>
> Not being very familiar with the code, so I thought I'd ask before something
> changes unexpectedly :)
> I asked about certificate ordering a while ago, too, and I seem to remember
> (and we currently rely on
Hi Daniel,
Yes, I understand your concern. I don't know if haproxy developers are
willing to accept this change. Personally I think it is a good idea,
because as it is now a sysadmin cannot ensure ordering of a specific
wildcard before some domain specific one, whereas with my patch you are
in
Hi!
Not being very familiar with the code, so I thought I’d ask before something
changes unexpectedly :)
I asked about certificate ordering a while ago, too, and I seem to remember
(and we currently rely on this) that exact domain matches are “weighted higher”
than wildcard matches on purpose,
This is a corrected patch against 1.7.5.
On 04/10/2017 05:00 PM, Sander Hoentjen wrote:
> No scratch that, this is wrong.
>
> On 04/10/2017 04:57 PM, Sander Hoentjen wrote:
>> The attached patch against haproxy 1.7.5 honours crt order also for
>> wildcards.
>>
>> On 04/07/2017 03:42 PM, Sander
No scratch that, this is wrong.
On 04/10/2017 04:57 PM, Sander Hoentjen wrote:
> The attached patch against haproxy 1.7.5 honours crt order also for
> wildcards.
>
> On 04/07/2017 03:42 PM, Sander Hoentjen wrote:
>> Hi Sander,
>>
>> On 04/06/2017 02:06 PM, Sander Klein wrote:
>>> Hi Sander,
>>>
The attached patch against haproxy 1.7.5 honours crt order also for
wildcards.
On 04/07/2017 03:42 PM, Sander Hoentjen wrote:
> Hi Sander,
>
> On 04/06/2017 02:06 PM, Sander Klein wrote:
>> Hi Sander,
>>
>> On 2017-04-06 10:45, Sander Hoentjen wrote:
>>> Hi guys,
>>>
>>> We have a setup where we
Hi Sander,
On 04/06/2017 02:06 PM, Sander Klein wrote:
> Hi Sander,
>
> On 2017-04-06 10:45, Sander Hoentjen wrote:
>> Hi guys,
>>
>> We have a setup where we sometimes have multiple certificates for a
>> domain. We use multiple directories for that and would like the
>> following behavior:
>> -
Hi Sander,
On 2017-04-06 10:45, Sander Hoentjen wrote:
Hi guys,
We have a setup where we sometimes have multiple certificates for a
domain. We use multiple directories for that and would like the
following behavior:
- Look in dir A for any match, use it if found
- Look in dir B for any match,
Hi guys,
We have a setup where we sometimes have multiple certificates for a
domain. We use multiple directories for that and would like the
following behavior:
- Look in dir A for any match, use it if found
- Look in dir B for any match, use it if found
- Look in dir .. etc
This works great,
16 matches
Mail list logo