[Csync2] SSL Handshake Problem
Giampaolo Tomassoni
Giampaolo at Tomassoni.biz
Thu Feb 2 15:34:48 CET 2012
> One other thing to check is that the SSL certificates on all nodes have
> the exact same details, i.e. same common name etc. IMO this is
> unbelievably dumb/broken, but seems to be necessary for some reason.
You're right: it is dumb/broken, but this is the way the SSL handshake was
first implemented in csync2.
Actually, the two certificates have to be exactly the same because the
server node performs a byte comparison of the client one with its own: there
is no effective chain-of-trust verification or whatever else is usually
involved with digital certificates.
Basically, certificates in csync2 are more or less like shared keys, but
they allow for SSL encryption.
Giampaolo Tomassoni
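
The point made in the message above, as an added example that is not part of the original post and is not csync2 code: two certificates generated independently with identical subject details are still different byte strings, so only a copy of the same certificate passes a byte-for-byte comparison. It assumes the `openssl` command-line tool is installed; the CN `csync2-example` and the file names are constructed for the illustration.

```shell
#!/usr/bin/env bash
# Added example: throwaway keys and certificates in a temp dir (constructed data).
set -eu

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# make_cert NAME: self-signed certificate with a fixed, constructed subject.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=csync2-example" \
        -keyout "$workdir/$1.key" -out "$workdir/$1.pem" 2>/dev/null
}

# der_fingerprint FILE: SHA-256 over the certificate's DER bytes, so PEM
# line wrapping or trailing whitespace cannot change the result.
der_fingerprint() {
    openssl x509 -in "$1" -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# same_certificate A B: succeeds only when both files hold the same DER bytes,
# which is what a byte comparison of the peer certificate requires.
same_certificate() {
    [ "$(der_fingerprint "$1")" = "$(der_fingerprint "$2")" ]
}

# subject_of FILE: the subject line (the "details" such as the common name).
subject_of() { openssl x509 -in "$1" -noout -subject; }

make_cert node1                      # generated on "node1"
make_cert node2                      # generated separately with the same subject
cp "$workdir/node1.pem" "$workdir/node1-copy.pem"   # node1's certificate copied over

echo "node1: $(subject_of "$workdir/node1.pem")"
echo "node2: $(subject_of "$workdir/node2.pem")"

if same_certificate "$workdir/node1.pem" "$workdir/node2.pem"; then
    echo "node1 vs node2: identical bytes"
else
    echo "node1 vs node2: same subject, different bytes (byte comparison fails)"
fi

if same_certificate "$workdir/node1.pem" "$workdir/node1-copy.pem"; then
    echo "node1 vs copy: identical bytes (byte comparison passes)"
fi
```

Running `der_fingerprint` on each node's certificate file and comparing the output is a quick way to confirm that all nodes hold the same certificate.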