certificate warnings
- To: openldap-software@openldap.org
- Subject: certificate warnings
- From: "Brett @Google" <brett.maxfield@gmail.com>
- Date: Tue, 16 Mar 2010 19:45:25 +1000
Hello,
Is there any way of suppressing the SSL warning/error "TLS: hostname (XXXXX) does not match common name in certificate" for a syncrepl client?
This error is being returned by a syncrepl client which is negotiating SSL talking to a syncrepl server by using its (actual / real) server name, but as the server name returns a certificate based on its (external / content switch) server name, the SSL library on the client waits for a randomly long time, and then returns the error above as the cert returned does not exactly match the hostname configured in the provider="" line, in the syncrepl client configuration.
If it's indeed a warning, then the syncrepl client should ignore it, but it does not, so effectively it is an error as it causes the syncrepl client to abort its connection.
A hack might be to add the "external" name to /etc/hosts on each syncrepl client with the correct IP for each syncrepl server, but I was hoping for something better.
Cheers
Brett
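
The mismatch described in this message can be checked before deployment by comparing the host in the syncrepl `provider=` URI with the names the server certificate carries. The following is an added example, not part of the original post and not OpenLDAP code; the stanza, host names and certificate names are constructed, and the wildcard rule is a simplified RFC 6125-style match assumed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed syncrepl stanza: the consumer dials the server's real name.
STANZA = """
syncrepl rid=001
  provider=ldaps://ldap01.internal.example.com:636
  type=refreshOnly
"""
# Constructed certificate name lists (subject CN plus any subjectAltName entries).
EXTERNAL_ONLY = ["ldap.example.com"]
WITH_REAL_NAME = ["ldap.example.com", "ldap01.internal.example.com"]


def provider_host(stanza):
    """Return the lower-cased host from the provider= URI of a syncrepl stanza."""
    m = re.search(r'provider\s*=\s*"?([^\s"]+)', stanza)
    if not m:
        raise ValueError("no provider= found in stanza")
    host = urlparse(m.group(1)).hostname
    if not host:
        raise ValueError("provider URI has no host part")
    return host.lower()


def name_matches(host, cert_name):
    """Label-by-label, case-insensitive comparison.

    Assumption: '*' is honoured only as the entire leftmost label and
    never for a bare two-label name such as '*.com'.
    """
    h = host.lower().rstrip(".").split(".")
    c = cert_name.lower().rstrip(".").split(".")
    if len(h) != len(c):
        return False
    if c[0] == "*" and len(c) > 2:
        return h[1:] == c[1:]
    return h == c


def check(stanza, cert_names):
    """Return (provider host, certificate names that cover it)."""
    host = provider_host(stanza)
    return host, [n for n in cert_names if name_matches(host, n)]


if __name__ == "__main__":
    for label, names in (("external only", EXTERNAL_ONLY), ("with real name", WITH_REAL_NAME)):
        host, hits = check(STANZA, names)
        print(f"{label}: {host} -> {'OK ' + hits[0] if hits else 'MISMATCH'}")
```

An empty match list corresponds to the situation in the message: the certificate names only the external name while the consumer connects by the real one.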