[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS hostname check screwed up?

To: Howard Chu <hyc@symas.com>
Subject: Re: TLS hostname check screwed up?
From: Michael Ströder <michael@stroeder.com>
Date: Thu, 13 Aug 2009 13:13:00 +0200
Cc: openldap-devel@openldap.org
In-reply-to: <4A831BE6.5020804@symas.com>
References: <4A5BBD9F.9050809@stroeder.com> <4A5BC085.5090600@symas.com> <4A5C3C77.90806@stroeder.com> <4A82B184.1070906@stroeder.com> <4A831BE6.5020804@symas.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.22) Gecko/20090606 SeaMonkey/1.1.17

Howard Chu wrote:
> Michael Ströder wrote:
>>
>> I'm using libldap of RE24 and have a problem with host name checking when
>> doing TLS.
>>
>> OpenLDAP's debug output (real hostname exactly replaced by
>> srv.domain.local):
>>
>> ------------------------------ snip ------------------------------
>> TLS: hostname (srv.domain.local.) does not match common name in
>> certificate
>> (srv.domain.local).
>> ------------------------------ snip ------------------------------
>>
>> Is this because of the trailing dot?
> 
> Probably. The RFC requires an exact match, there's no exception for dots.

It seems I messed up something locall. Sorry for the noise.

Ciao, Michael.

References:
- TLS hostname check screwed up?
  - From: Michael Ströder <michael@stroeder.com>
- Re: TLS hostname check screwed up?
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: FAQ and ancient entries
Next by Date: Re: RE24 testing for 2.4.18
Index(es):
- Chronological
- Thread