
start_tls: connect error



Hi,
I just wonder whether this is a bug in openSSL or in openLDAP; anyhow,
the subjectAltName attribute values are not honoured.
openssl-0.9.8k-3.5.3.x86_64
openldap-2.4.21

ldapwhoami -Y EXTERNAL -ZZ -H ldap://localhost
ldap_start_tls: Connect error (-11)
additional info: TLS: hostname does not match CN in peer certificate

openssl x509 -in cert.pem -noout -text
Subject: C=DE, L=Hamburg, O=AVCI, OU=Certificate Authority, CN=rubin.avci.de/emailAddress=hdk@dkluenter.de
...
X509v3 Subject Alternative Name: 
 DNS:localhost, DNS:ldap.xxxx.de, DNS:dkluenter.xxxx.org

Not to mention that this is OK with other versions of openldap and
openssl.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N
10°08'02,42"E
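To make the failure mode in the report concrete, here is an added example (not code from the post, OpenLDAP or OpenSSL) that contrasts a CN-only hostname check, which is what the error message suggests the client performed, with a SAN-aware check following RFC 6125: when the certificate carries dNSName subjectAltName entries they are authoritative and the CN is ignored; the CN is consulted only when no DNS SANs exist. The certificate dictionary is a constructed sample in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, mirroring the subject and SAN values shown above.

```python
"""Hostname matching against an X.509 peer certificate (added example).

Demonstrates why a client that compares only the subject CN rejects a
connection to 'localhost' even though the certificate lists
DNS:localhost in subjectAltName.
"""

# Constructed sample, shaped like ssl.getpeercert() output and mirroring the
# certificate in the post: the CN is 'rubin.avci.de', the SAN lists 'localhost'.
SAMPLE_CERT = {
    "subject": (
        (("countryName", "DE"),),
        (("localityName", "Hamburg"),),
        (("organizationName", "AVCI"),),
        (("organizationalUnitName", "Certificate Authority"),),
        (("commonName", "rubin.avci.de"),),
    ),
    "subjectAltName": (
        ("DNS", "localhost"),
        ("DNS", "ldap.xxxx.de"),
        ("DNS", "dkluenter.xxxx.org"),
    ),
}


def _dns_name_match(pattern, hostname):
    """Case-insensitive match of one presented identifier against hostname.

    A single '*' is accepted only as the entire left-most label and only when
    at least two further labels follow (RFC 6125 section 6.4.3), so '*.de'
    never matches.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def common_name(cert):
    """Return the subject commonName, or None if the subject has none."""
    for rdn in cert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return value
    return None


def cn_only_match(cert, hostname):
    """Legacy check: compare hostname with the subject CN and ignore SAN.

    This is the behaviour that produces 'hostname does not match CN in peer
    certificate' for a cert whose SAN, but not CN, names the host.
    """
    cn = common_name(cert)
    return cn is not None and _dns_name_match(cn, hostname)


def san_aware_match(cert, hostname):
    """RFC 6125 check: dNSName SAN entries are authoritative when present;
    the CN is used as a fallback only when the cert has no DNS SANs."""
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if dns_names:
        return any(_dns_name_match(name, hostname) for name in dns_names)
    return cn_only_match(cert, hostname)


if __name__ == "__main__":
    for host in ("localhost", "rubin.avci.de", "ldap.xxxx.de"):
        print(f"{host:16} CN-only={cn_only_match(SAMPLE_CERT, host)!s:5} "
              f"SAN-aware={san_aware_match(SAMPLE_CERT, host)}")
```

Run stand-alone, the script shows `localhost` rejected by the CN-only check and accepted by the SAN-aware one, while `rubin.avci.de` is accepted only by the CN-only check because, once DNS SANs are present, the CN no longer counts. When diagnosing an `ldap_start_tls` failure like the one above, the useful question is therefore which of these two rules the client library is applying, not whether the CN happens to match.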