Re: Problems with multiple DNS names in cert.

[Mathias Meisfjordskar <mathias.meisfjordskar@usit.uio.no>]

[ Tony Earnshaw ]

> tor, 2003-03-27 kl. 15:08 skrev Mathias Meisfjordskar:
> 
> > No, but the 
> > 
> >             X509v3 Subject Alternative Name: 
> >                 DNS:bb.uio.no
> 
> Yes, maybe, but the thing is shouting at you:
> 
> TLS: hostname (bb.uio.no) does not match common name in certificate
> (beeblebrox.uio.no).
> ldap_perror
> ldap_start_tls: Connect error (91)
>         additional info: TLS: hostname does not match CN in peer
> certificate

I know, but this is what the alternative name should fix in the cert.
Am I the only one with this problem? I've seen people claiming to have
this working(Howard Chu is one of them, I think).
 
> When you /have/ got to the stage of making it work, don't forget to
> change nis in nsswitch.conf to ldap for the things that need it.

Hehe. I'll remember. :)

> > Howard Chu said it was a client problem, but if the server
> > supports DNS-aliases, why shouldn't the client(bundled with
> > OpenLDAP) do the same? I guess I'm missing something here, but I
> > can't figure out what.
> > 
> > Is it a problem with reverse DNS lookups? I don't know.
> 
> No, your reverse lookups work fine ;)

A bit too fine, if you ask me. :)

> Eg skulde helsa frå 'n Billy og spørja kort du var vestlending eller
> nordlending.

Jeg er nordlending, men bor i Oslo. Det er her universitetet er. Du
har norske aner, eller bare kan språket?

-- 
Mathias Meisfjordskar
GNU/Linux addict.

"If it works; HIT IT AGAIN!"