[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Reverse Lookup Server SSL Certivicate CN

To: ms419@freezone.co.uk
Subject: Re: Reverse Lookup Server SSL Certivicate CN
From: Frank Swasey <Frank.Swasey@uvm.edu>
Date: Wed, 7 Jan 2004 07:57:57 -0500 (EST)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <03DBBD20-40EE-11D8-87A2-000A95C71776@freezone.co.uk>
References: <03DBBD20-40EE-11D8-87A2-000A95C71776@freezone.co.uk>

Today at 12:46am, ms419@freezone.co.uk wrote:

> CN, "server.example.com". Can openLDAP be configured to compare the 
> certificate's CN to a reverse lookup of the server's IP?

You don't say what version of OpenLDAP you are using.  I know that 2.0 
fails to search the subjAltName directives.  However 2.1 does search 
there for the correct name.  If you are not wanting to generate a 
certificate that uses subjAltName (doing so will require that you 
generate your own certificates -- at least I haven't found a commercial 
certificate authority that would honor that for me) -- then you will 
need to modify the source code.

It sounds like a nice idea, but is it counter to the "authoritative" 
methods for verifying an SSL certificate?

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
                    === God Bless Us All ===

References:
- Reverse Lookup Server SSL Certivicate CN
  - From: ms419@freezone.co.uk

Prev by Date: Do you have suggestions for LDAP book ?
Next by Date: invalid credentials
Index(es):
- Chronological
- Thread