v1.132 ldirectord HTTPS negotiate doesn't seem to work? FIXED(hacked)

lists at netpbx.org lists at netpbx.org
Mon Jul 10 22:28:44 BST 2006 

No one answered this... but in case anyone is interested I fixed it by 
re-introducing the old
check_https from v1.90 works like a charm :-)



malcolm wrote:
> v1.132 ldirectord HTTPS negotiate doesn't seem to work:
>
> DEBUG2: Invoking ldirectord invoked as: /etc/rc.d/init.d/ldirectord start
> DEBUG2: Starting Linux Director v1.132 with pid: 4944
> DEBUG2: Changed virtual server: 192.168.1.21:443
> DEBUG2: Enabled server=192.168.1.27
> DEBUG2: Checking negotiate: real 
> server=negotiate:https:tcp:192.168.1.27:443:::1:\/index\.html:Loadbalancer 
> (virtual=tcp:192.168.1.21:443)
> DEBUG2: check_http: url="https://192.168.1.27:443/index.html" 
> virtualhost="192.168.1.27"
> DEBUG2: SSL-Cipher:
> DEBUG2: SSL-Cert-Subject:
> DEBUG2: SSL-Cert-Issuer:
> DEBUG2: Deleted real server: 192.168.1.27:443 ( x 192.168.1.21:443)
> DEBUG2: Added fallback server: 127.0.0.1:443 ( x 192.168.1.21:443) 
> (Weight set to 1)
> DEBUG2: Disabled server=192.168.1.27
> DEBUG2: check_http: https://192.168.1.27:443/index.html is down
>
> Why is it doing an HTTP check for a HTTPS negotiate?!
> I'll take a look at the code but Perl looks like Russian to me... Any 
> pointers?
>
>
> v1.99 works fine as bellow same config file.....
>
> DEBUG2: Running exec(/etc/rc.d/init.d/ldirectord -d start)
> Running exec(/etc/rc.d/init.d/ldirectord -d start)
> DEBUG2: Starting Linux Director v1.99 with pid: 4869
> Starting Linux Director v1.99 with pid: 4869
> DEBUG2: Running system(/sbin/ipvsadm -E -t 192.168.1.21:443 -s wrr )
> Running system(/sbin/ipvsadm -E -t 192.168.1.21:443 -s wrr )
> DEBUG2: Changed virtual server: 192.168.1.21:443
> Changed virtual server: 192.168.1.21:443
> DEBUG2: Running system(/sbin/ipvsadm -e -t 192.168.1.21:443 -r 
> 192.168.1.27:443 -g -w 1)
> Running system(/sbin/ipvsadm -e -t 192.168.1.21:443 -r 
> 192.168.1.27:443 -g -w 1)
> DEBUG2: Restored real server: 192.168.1.27:443 ( x 192.168.1.21:443) 
> (Weight set to 1)
> Restored real server: 192.168.1.27:443 ( x 192.168.1.21:443) (Weight 
> set to 1)
> DEBUG2: Enabled server=192.168.1.27
> DEBUG2: Checking negotiate: real 
> server=negotiate:https:tcp:192.168.1.27:443::1:\/index\.html:Loadbalancer 
> (virtual=tcp:192.168.1.21:443)
> DEBUG2: Checking https url="https://192.168.1.27:443/index.html" 
> virtualhost="192.168.1.27"
> DEBUG2: Testing: 192.168.1.27, 443, /index.html
> Opening connection to 192.168.1.27:443 (192.168.1.27) at 
> blib/lib/Net/SSLeay.pm (autosplit into 
> blib/lib/auto/Net/SSLeay/open_tcp_connection.al) line 1462.
> Creating SSL 0 context...
> Creating SSL connection (context was '139089112')...
> Setting fd (ctx 139089112, con 139079488)...
> Entering SSL negotiation phase...
> Cipher list: DHE-RSA-AES256-SHA, DHE-RSA-AES256-SHA, 
> DHE-DSS-AES256-SHA, AES256-SHA, EDH-RSA-DES-CBC3-SHA, 
> EDH-DSS-DES-CBC3-SHA, DES-CBC3-SHA, DES-CBC3-MD5, DHE-RSA-AES128-SHA, 
> DHE-DSS-AES128-SHA, AES128-SHA, RC2-CBC-MD5, DHE-DSS-RC4-SHA, RC4-SHA, 
> RC4-MD5, RC4-MD5, RC4-64-MD5, EXP1024-DHE-DSS-DES-CBC-SHA, 
> EXP1024-DES-CBC-SHA, EXP1024-RC2-CBC-MD5, EDH-RSA-DES-CBC-SHA, 
> EDH-DSS-DES-CBC-SHA, DES-CBC-SHA, DES-CBC-MD5, 
> EXP1024-DHE-DSS-RC4-SHA, EXP1024-RC4-SHA, EXP1024-RC4-MD5, 
> EXP-EDH-RSA-DES-CBC-SHA, EXP-EDH-DSS-DES-CBC-SHA, EXP-DES-CBC-SHA, 
> EXP-RC2-CBC-MD5, EXP-RC2-CBC-MD5, EXP-RC4-MD5, EXP-RC4-MD5\n at 
> blib/lib/Net/SSLeay.pm (autosplit into 
> blib/lib/auto/Net/SSLeay/sslcat.al) line 1765.
> SSLeay connect returned 1
> Cipher `DHE-RSA-AES256-SHA'
> Subject Name: /C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil, 
> Ltd/OU=Webserver Team/CN=www.snakeoil.dom/emailAddress=www at snakeoil.dom
> Issuer  Name: /C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil, 
> Ltd/OU=Certificate Authority/CN=Snake Oil CA/emailAddress=ca at snakeoil.dom
> sslcat 4874: sending 61 bytes...
>  write_all VM at entry=vm_unknown
>  written so far 61:61 bytes (VM=vm_unknown)
> waiting for reply...
>  got 576:0 bytes (VM=vm_unknown).
>
>
> Thanks in advance for any help,
> Regards,
> Malcolm.
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users

Search lvs-users Archives
Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
More information about the lvs-users mailing list