[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How do tool verify certs with ldapi:// ?

To: Philip Guenther <guenther+ldaptech@sendmail.com>
Subject: Re: How do tool verify certs with ldapi:// ?
From: Peter Marschall <peter@adpm.de>
Date: Mon, 28 May 2012 13:53:25 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <alpine.BSO.2.00.1205280421470.19907@morgaine.smi.sendmail.com>
Organization: ADPM
References: <201205280955.46138.peter@adpm.de> <alpine.BSO.2.00.1205280255250.19907@morgaine.smi.sendmail.com> <alpine.BSO.2.00.1205280421470.19907@morgaine.smi.sendmail.com>
User-agent: KMail/1.13.7 (Linux/3.2.0-2-amd64; KDE/4.7.4; x86_64; ; )

Hi,

On Monday, 28. May 2012, Philip Guenther wrote:
> ...which then remaps that to the local hostname (if available) for the
> actual check.
> 
> Huh.  So for any URI that doesn't specify a host component, be it
> "ldapi://" or "ldap://"; or "ldaps://", the OpenLDAP tools will connect to
> the default 'host' for the schema, be it "/var/run/ldpai" or "localhost",
> but for StartTLS they'll match the server cert against the *hostname*.
> 
> I did not expect that, though I can see how it can be justified.

Sounds like a/the "clever trick" I was looking for.

Now that I knew for what I was looking ,I was able to find it in 
ibraries/libldap/tls_{o,g,m}.c

Thanks a lot
Peter


-- 
Peter Marschall
peter@adpm.de

References:
- How do tool verify certs with ldapi:// ?
  - From: Peter Marschall <peter@adpm.de>
- Re: How do tool verify certs with ldapi:// ?
  - From: Philip Guenther <guenther+ldaptech@sendmail.com>
- Re: How do tool verify certs with ldapi:// ?
  - From: Philip Guenther <guenther+ldaptech@sendmail.com>

Prev by Date: Re: How do tool verify certs with ldapi:// ?
Next by Date: Very quick pointer
Index(es):
- Chronological
- Thread