[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: commit: ldap/libraries/libldap tls_o.c

To: OpenLDAP Commit <openldap-commit2devel@openldap.org>
Subject: Re: commit: ldap/libraries/libldap tls_o.c
From: Howard Chu <hyc@symas.com>
Date: Thu, 30 Jul 2009 13:00:17 -0700
In-reply-to: <200907301952.n6UJq9Q1021066@cantor.openldap.org>
References: <200907301952.n6UJq9Q1021066@cantor.openldap.org>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1b5pre) Gecko/20090630 SeaMonkey/2.0a1pre Firefox/3.0.3

hyc@OpenLDAP.org wrote:

Update of /repo/OpenLDAP/pkg/ldap/libraries/libldap

Modified Files:
	tls_o.c  1.8 ->  1.9

Log Message:
Check for CN length match as well in chkhost

Fyi, tls_g.c (GnuTLS support) already does this correctly. A quick browse thrumy Mozilla source tree shows that MozNSS does this check incorrectly. I willprobably have to write an equivalent chkhost function for tls_m.c and disabletheir default verifier.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: OL2.3 vs OL2.4 perf issues
Next by Date: Re: commit: ldap/servers/slapd/overlays sssvlv.c
Index(es):
- Chronological
- Thread