[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch

To: Dieter Kluenter <dieter@dkluenter.de>
Subject: Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch
From: Denis Sacchet <ouba@ouba.org>
Date: Mon, 10 Dec 2007 17:36:59 +0100
Cc: openldap-software@openldap.org
In-reply-to: <87zlwijx1u.fsf@magenta.l4b.de>
References: <475CEAA6.1000702@ouba.org> <87zlwijx1u.fsf@magenta.l4b.de>
User-agent: Thunderbird 2.0.0.9 (Windows/20071031)

Dieter Kluenter a écrit :

You are connection to host ldap.domain.com
/C=FR/ST=Lorraine/L=Nancy/O=<hiddencompany>/OU=<hiddencompany>/CN=smtp.<hiddendomain>.com/emailAddress=it@<hiddendomain>.com,
but the certificate is issued to host smtp.domain.com, a certificate
verification must fail.

In fact, the trace doesn't show it, but I have an alternate domain name in the certificate, and the CN is set to the FQDN of the server (without that, OpenLDAP doesn't start), so if you look at the successful connection, the host and certificate are the same, and it works ...

Thanks for your answer ...

Best regards

Denis

References:
- Strange TLS behaviour with slapd 2.3.30 on Debian Etch
  - From: Denis Sacchet <ouba@ouba.org>
- Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: RE: Active/Active servers
Next by Date: Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch
Index(es):
- Chronological
- Thread