Re: How do tool verify certs with ldapi:// ?



Hi,

On Monday, 28. May 2012, Philip Guenther wrote:
> ...which then remaps that to the local hostname (if available) for the
> actual check.
> 
> Huh.  So for any URI that doesn't specify a host component, be it
> "ldapi://" or "ldap://" or "ldaps://", the OpenLDAP tools will connect to
> the default 'host' for the schema, be it "/var/run/ldpai" or "localhost",
> but for StartTLS they'll match the server cert against the *hostname*.
> 
> I did not expect that, though I can see how it can be justified.

Sounds like a/the "clever trick" I was looking for.

Now that I knew for what I was looking, I was able to find it in
libraries/libldap/tls_{o,g,m}.c

Thanks a lot
Peter


-- 
Peter Marschall
peter@adpm.de