[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problems with multiple DNS names in cert. [SOLVED]



[ Tony Earnshaw ]

> > Now I have compiled my own version(0.9.7a with patches) and
> > everything looks to be in order.
> 
> Always take note of what both Howard and all Norwegians on the list
> say (don't know what it is about Norwegians and LDAP.)
>
> What on earth should it be about Openssl 0.9.8 or unpatched 0.9.7a
> that alters CA certificate handling?

The problem was my version of OpenSSL. The 0.9.8-dev is really
0.9.6g(with mods), but something seems to be broken(that's what you
get from playing with unstable releases, I guess). 

With patches, I meant the security-fixes:
http://www.openssl.org/news/secadv_20030319.txt
http://www.openssl.org/news/secadv_20030317.txt

I guess a vanilla 0.9.7 og 0.9.6 would be just as good.

> Will future versions of Openldap cope with Openssl 0.9.8, or
> unpatched 0.9.7a ...?

It works very well with unpatched 0.9.7a, but you should patch it.
>From what I've seen, there should be no difference in behavor between
the two. 0.9.8 is to early to say anything about. 

-- 
Mathias Meisfjordskar
GNU/Linux addict.

"If it works; HIT IT AGAIN!"