
Re: ldapsearch do not work with NLDAP over SSL



OpenLDAP + OpenSSL requires the 'cn=' in the certificate to match exactly
with the hostname you specify in your ldap_initialize().
If it is a DNS name, it must match perfectly.  If it is a dotted IP
address, it must match perfectly.  It's a security feature.

By default 'stunnel' does not do the same check.

 -Aaron
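The exact-match rule described in the reply above, written out as an added pre-flight check (this is an illustration for this page, not libldap's or stunnel's code): it takes the host from an ldap:// or ldaps:// URI and compares it with the CN of an OpenSSL-style one-line subject, treating dotted IP literals as addresses and DNS names as case-insensitive strings. The URIs and subjects in the comments are constructed examples.

```python
"""Does a certificate's CN match the host that would be passed to ldap_initialize()?

Approximation of the rule stated above: the certificate name must equal the host,
whether that host is a DNS name or a dotted IP. No wildcard handling on purpose.
"""
import ipaddress
import re
from urllib.parse import urlsplit


def host_from_ldap_uri(uri: str) -> str:
    """Return the host part of an ldap:// or ldaps:// URI, without port or brackets."""
    parts = urlsplit(uri)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError(f"not an LDAP URI with a host: {uri!r}")
    return parts.hostname


def cn_from_subject(subject: str) -> str:
    """Extract CN from a subject like '/C=CZ/O=Example/CN=ldap.example.com' (constructed)."""
    m = re.search(r"(?:^|/)CN=([^/]+)", subject)
    if not m:
        raise ValueError(f"no CN in subject {subject!r}")
    return m.group(1)


def identity_matches(cert_name: str, host: str) -> bool:
    """IP literals compare as addresses; DNS names compare case-insensitively, exactly."""
    try:
        return ipaddress.ip_address(cert_name) == ipaddress.ip_address(host)
    except ValueError:
        pass  # at least one side is not an IP literal: fall through to the name comparison
    # An IP-only CN never equals a DNS host and vice versa; a '*.' CN is not an exact match.
    return cert_name.lower() == host.lower()


def check_ldap_uri_against_cert(uri: str, subject: str) -> bool:
    """True when the CN of `subject` is acceptable for a connection to `uri`."""
    return identity_matches(cn_from_subject(subject), host_from_ldap_uri(uri))


if __name__ == "__main__":
    # Constructed cases: DNS name matches; connecting by IP to a DNS-named cert does not.
    print(check_ldap_uri_against_cert("ldaps://ldap.example.com:636", "/O=Example/CN=ldap.example.com"))
    print(check_ldap_uri_against_cert("ldaps://10.0.0.1:636", "/O=Example/CN=ldap.example.com"))
```

Running this against the URI you intend to use and the subject printed by `openssl x509 -subject -noout` tells you in advance whether the client-side check will reject the certificate.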




From: Petr Olivka <petr.olivka@vsb.cz>
Sent by: owner-openldap-bugs@OpenLDAP.org
To: <openldap-bugs@OpenLDAP.org>
Subject: ldapsearch do not work with NLDAP over SSL
Date: 02/03/03 08:32 AM

Hi !

  I have a problem with the ldap utilities connecting to an NLDAP server over SSL.

  When the function "tls_get_cert" calls "ssl3_send_alert", the server closes
  the connection (everything finishes when the client sends the last 29 bytes to
  the server with the function "write"). I do not know if the alert is too serious,
  or if it is some other problem, but over stunnel everything works fine.

  ssl 0.9.6 and 0.9.7
  openldap 2.1.12

  Petr Olivka