[CentOS] Testing "dark" SSL sites

Travis Kendrick thepouar at gmail.com
Tue Oct 21 23:35:59 UTC 2014


On 10/21/2014 06:24 PM, lists at benjamindsmith.com wrote:
> On Tuesday, October 21, 2014 05:02:53 PM Travis Kendrick wrote:
>> On 10/21/2014 04:57 PM, lists at benjamindsmith.com wrote:
>>> So, with all the hubbub around POODLE and ssl, we're preparing a new load
>>> balancer using HAProxy.
>>>
>>> So we have a set of unit tests written using PHPUnit, having trouble
>>> validating certificates. How do you test/validate an SSL cert for a
>>> prototype "foo.com" server if it's not actually active at the IP address
>>> that matches DNS for foo.com?
>>>
>>> For non-ssl sites, I can specify the url like http://1.2.3.4/path and pass
>>> an explicit "host: foo.com" http header but that fails for SSL
>>> certificate validation.
>>>
>>> You can also set a hosts file entry, but that's also rather painful. Is
>>> there a better option?
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> http://lists.centos.org/mailman/listinfo/centos
>> I just disabled SSLv3 altogether on my server and just use TLS. On my
>> site I only use TLS 1.2 and not earlier versions or SSL so I was never
>> affected by POODLE.
> As far as I can tell, this comment is not related to the question I asked... 
> at all. 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

I thought you were talking about dealing with POODLE. Maybe I misunderstood.
-- 
Travis Kendrick



More information about the CentOS mailing list