FW: commit: ldap/libraries/libldap tls.c
Some sites may have been inserting string-format IP addresses as a DNSname in
their certificates' subjectAltName so they could connect (with e.g.
ldap://127.0.0.1). With this change, if the destination name is a valid IP
address then only an IPADDR will be used in the subjectAltName comparisons.
As such, string-format IP addresses in a DNSname will be ignored. This will
require folks to generate new certs if they've been working this way up till
now.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
-----Original Message-----
From: owner-openldap-commit@OpenLDAP.org
[mailto:owner-openldap-commit@OpenLDAP.org]On Behalf Of hyc@OpenLDAP.org
Update of /repo/OpenLDAP/pkg/ldap/libraries/libldap
Modified Files:
tls.c 1.95 -> 1.96
Log Message:
Added subjectAltName:IPADDR tests to ldap_pvt_tls_check_hostname()
CVS Web URLs:
http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/
http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls.c
Changes are generally available on cvs.openldap.org (and CVSweb)
within 30 minutes of being committed.
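
The matching rule described in the message above, as an added example that is not part of the original e-mail and is not the tls.c code from the commit. The san struct, san_match() and the sample certificates are hypothetical and constructed for illustration; wildcard DNSname handling is left out.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed model of subjectAltName entries; these are not libldap's types. */
enum san_type { SAN_DNS, SAN_IPADDR };
struct san { enum san_type type; const unsigned char *data; size_t len; };

/* Case-insensitive compare of a C string against a length-counted DNSname. */
static int dns_eq(const char *host, const unsigned char *name, size_t len)
{
    if (strlen(host) != len) return 0;   /* also rejects embedded NULs in name */
    for (size_t i = 0; i < len; i++)
        if (tolower((unsigned char)host[i]) != tolower(name[i])) return 0;
    return 1;
}

/* Returns 1 if host is covered by the SAN list, 0 otherwise. */
static int san_match(const char *host, const struct san *sans, size_t n)
{
    unsigned char addr[16];
    size_t alen = 0;
    if (inet_pton(AF_INET, host, addr) == 1) alen = 4;
    else if (inet_pton(AF_INET6, host, addr) == 1) alen = 16;
    for (size_t i = 0; i < n; i++) {
        if (alen) {  /* IP literal: only IPADDR entries count, compared as raw bytes */
            if (sans[i].type == SAN_IPADDR && sans[i].len == alen &&
                memcmp(sans[i].data, addr, alen) == 0) return 1;
        } else if (sans[i].type == SAN_DNS && dns_eq(host, sans[i].data, sans[i].len)) {
            return 1;  /* hostname: exact DNSname match (wildcards left out here) */
        }
    }
    return 0;
}

/* Constructed sample certificates: old style (IP as DNSname) and new style. */
static const unsigned char lo4[4] = { 127, 0, 0, 1 };
#define DNS(s) { SAN_DNS, (const unsigned char *)(s), sizeof(s) - 1 }
static const struct san old_cert[] = { DNS("127.0.0.1"), DNS("ldap.example.com") };
static const struct san new_cert[] = { { SAN_IPADDR, lo4, 4 }, DNS("ldap.example.com") };

int main(void)
{
    printf("old cert, 127.0.0.1: %d\n", san_match("127.0.0.1", old_cert, 2));
    printf("new cert, 127.0.0.1: %d\n", san_match("127.0.0.1", new_cert, 2));
    return 0;
}
```

The old-style certificate still matches when the client connects by hostname; it fails only when the destination is given as an IP address, which is the case that requires a reissued certificate.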