Re: Testing "dark" SSL sites

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 10/21/2014 04:57 PM, lists@xxxxxxxxxxxxxxxxxx wrote:
> So, with all the hubbub around POODLE and ssl, we're preparing a new load 
> balancer using HAProxy. 
>
> So we have a set of unit tests written using PHPUnit, having trouble 
> validating certificates. How do you test/validate an SSL cert for a prototype 
> "foo.com" server if it's not actually active at the IP address that matches 
> DNS for foo.com? 
>
> For non-ssl sites, I can specify the url like http://1.2.3.4/path and pass an 
> explicit "host: foo.com" http header but that fails for SSL certificate 
> validation. 
>
> You can also set a hosts file entry, but that's also rather painful. Is there a 
> better option? 
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
I just disabled SSLv3 altogether on my server and just use TLS. On my
site I only use TLS 1.2 and not earlier versions or SSL so I was never
affected by POODLE.
-- 
Travis Kendrick
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux