[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS hostname check screwed up?

To: openldap-devel@openldap.org
Subject: Re: TLS hostname check screwed up?
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Wed, 12 Aug 2009 15:18:08 +0200
In-reply-to: <4A82B184.1070906@stroeder.com> (Michael Ströder's message of "Wed, 12 Aug 2009 14:11:48 +0200")
References: <4A5BBD9F.9050809@stroeder.com> <4A5BC085.5090600@symas.com> <4A5C3C77.90806@stroeder.com> <4A82B184.1070906@stroeder.com>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b28 (linux)

Michael Ströder <michael@stroeder.com> writes:

> HI!
>
> I'm using libldap of RE24 and have a problem with host name checking when
> doing TLS.
>
> OpenLDAP's debug output (real hostname exactly replaced by srv.domain.local):
>
> ------------------------------ snip ------------------------------
> TLS: hostname (srv.domain.local.) does not match common name in certificate
> (srv.domain.local).
> ------------------------------ snip ------------------------------
>
> Is this because of the trailing dot?

Did you update opensuse-11.1 recently? I have faced some problems with
updated openssl-0.9.8h-28.10.1 and certificate verfication.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E

References:
- TLS hostname check screwed up?
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: TLS hostname check screwed up?
Next by Date: Re: TLS hostname check screwed up?
Index(es):
- Chronological
- Thread