Re: ldapsearch do not work with NLDAP over SSL
Thanks very much,
I have now checked that 2.1.13 and 2.1.14 from last week contain this
patch.
poli
On Mon, 3 Mar 2003 spangla@nationwide.com wrote:
>
> Poli,
>
>
> In the past, I had written my own patch to work around this problem.
>
> If I remember correctly, Howard put a change into the CVS HEAD recently on
> this. I think the bug number was ITS 2161.
>
> You might want to just apply the same change yourself before building the
> code.
>
> Go to the CVSWeb link on the www.openldap.org site. Look under
> libraries/libldap/tls.c file. I cannot remember the exact change.
> (I can't get to the web site right now).
>
> Petr Olivka <petr.olivka@vsb.cz>
> 03/03/03 10:43 AM
> To: <spangla@nationwide.com>
> cc: <petr.olivka@vsb.cz>, <openldap-bugs@OpenLDAP.org>, <owner-openldap-bugs@OpenLDAP.org>
> Subject: Re: ldapsearch do not work with NLDAP over SSL
>
> Yes, I see this in the source. And what is the idea of "get server
> certificate" "never" in the configuration file? I thought that when I never
> get the certificate from the server, I would not check the server name.
> I think that the server name check is a bug, or I probably misunderstand
> the config file usage.
>
> poli
>
>
>
> >
> > OpenLDAP + OpenSSL requires the 'cn=' in the certificate to match exactly
> > with the hostname you specify in your ldap_initialize().
> > If it is a DNS name, it must match perfectly. If it is a dotted IP
> > address, it must match perfectly. It's a security feature.
> >
> > By default 'stunnel' does not do the same check.
> >
> > -Aaron
> >
> > Petr Olivka <petr.olivka@vsb.cz>
> > Sent by: owner-openldap-bugs@OpenLDAP.org
> > 02/03/03 08:32 AM
> > To: <openldap-bugs@OpenLDAP.org>
> > Subject: ldapsearch do not work with NLDAP over SSL
> >
> > Hi !
> >
> > I have a problem connecting to an NLDAP server over SSL with the LDAP utilities.
> >
> > When the function "tls_get_cert" calls "ssl3_send_alert", the server closes
> > the connection (it all ends when the client sends the last 29 bytes to the server with
> > the function "write"). I do not know if the alert is too serious, or if there is some other
> > problem, but over stunnel everything works fine.
> >
> > ssl 0.9.6 and 0.9.7
> > openldap 2.1.12
> >
> > Petr Olivka
> >