Issue 8738 - test066-autoca aborts with TLS error
Summary: test066-autoca aborts with TLS error
Status: VERIFIED INVALID
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: unspecified
Hardware: All All
Importance: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-09-20 13:03 UTC by dieter@dkluenter.de
Modified: 2020-09-01 21:27 UTC

See Also:


Attachments
dkluenter-20-07-17-autoca.patch (1.68 KB, patch)
2020-03-23 16:44 UTC, Quanah Gibson-Mount
Description dieter@dkluenter.de 2017-09-20 13:03:41 UTC
Full_Name: Dieter Kluenter
Version: 
OS: OpenSUSE
URL: ftp://ftp.openldap.org/incoming/dkluenter-20-07-17-autoca.patch
Submission from: (NULL) (93.214.247.185)


test066-autoca aborts with

adding new entry "cn=module,cn=config"

adding new entry "olcOverlay=autoca,olcDatabase={1}mdb,cn=config"

dn: cn=localhost,ou=Servers,dc=example,dc=com
userCertificate;binary:
userPrivateKey;binary:

ldap_start_tls: Connect error (-11)
        additional info: TLS: hostname does not match CN in peer certificate

This small patch solves this error.
Comment 1 OpenLDAP project 2019-04-17 21:56:28 UTC
has patch
Comment 2 Quanah Gibson-Mount 2019-04-17 21:56:28 UTC
changed notes
Comment 3 Quanah Gibson-Mount 2020-03-23 16:44:04 UTC
Created attachment 672 [details]
dkluenter-20-07-17-autoca.patch
Comment 4 Quanah Gibson-Mount 2020-09-01 21:27:36 UTC
Hi Dieter,

Your change removes startTLS from being critical, which is a critical part of what's being tested. I.e., it allows the startTLS operation to fail.

If you're still seeing this issue, it would imply that your system does not have a validly configured "localhost".

Regards,
Quanah
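The check that produced the reporter's error, and that the test relies on StartTLS being critical to enforce, is the client-side comparison of the connected hostname against the names in the server certificate. The following is an added example written for this page, not code from OpenLDAP or from the test suite: a stand-alone reference implementation of that check following RFC 6125 (dNSName SANs take precedence over the CN; a wildcard may only replace the whole leftmost label; an IP literal matches only an iPAddress SAN). Certificates are represented by their already-extracted names; every certificate and hostname below is constructed for the example, and the cert with CN=localhost and no SAN is an assumption standing in for the one autoca issues for cn=localhost in the test.

```python
import ipaddress


def _normalize(name: str) -> str:
    # Hostnames are case-insensitive; a trailing dot is an FQDN marker, not a label.
    return name.lower().rstrip(".")


def _wildcard_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 wildcard rules: '*' may only be the entire leftmost label,
    it matches exactly one label, and the pattern must keep at least two
    literal labels (so '*.com' never matches anything)."""
    if not pattern.startswith("*.") or "*" in pattern[2:]:
        return False
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return h_labels[0] != "" and p_labels[1:] == h_labels[1:]


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    pattern = _normalize(pattern)
    if "*" in pattern:
        return _wildcard_matches(pattern, hostname)
    return pattern == hostname


def match_hostname(hostname, cn, san_dns=(), san_ip=()):
    """Return (accepted, reason) for connecting to `hostname` with a certificate
    whose subject CN is `cn`, dNSName SANs are `san_dns` and iPAddress SANs are
    `san_ip`. The failure reason for the CN case mirrors the libldap message."""
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is only ever matched against iPAddress SANs, never the CN.
        for entry in san_ip:
            if ipaddress.ip_address(entry) == ip:
                return True, f"IP {hostname} matches iPAddress SAN {entry}"
        return False, f"IP {hostname} not among iPAddress SANs {list(san_ip)}"
    host = _normalize(hostname)
    if san_dns:
        # When dNSName SANs are present the CN is ignored (RFC 6125 section 6.4.4).
        for entry in san_dns:
            if _dns_name_matches(entry, host):
                return True, f"{hostname} matches dNSName SAN {entry}"
        return False, f"{hostname} matches none of dNSName SANs {list(san_dns)}"
    if cn and _dns_name_matches(cn, host):
        return True, f"{hostname} matches CN {cn}"
    return False, "hostname does not match CN in peer certificate"


# Constructed certificates for the demonstration (assumptions, not real autoca output).
AUTOCA_LOCALHOST_CERT = {"cn": "localhost", "san_dns": (), "san_ip": ()}
PROD_CERT = {"cn": "ldap.example.com",
             "san_dns": ("ldap.example.com", "*.example.com"), "san_ip": ()}


def check(hostname, cert):
    return match_hostname(hostname, cert["cn"], cert["san_dns"], cert["san_ip"])


if __name__ == "__main__":
    for target in ("localhost", "LOCALHOST.", "127.0.0.1", "myhost.example.com"):
        ok, why = check(target, AUTOCA_LOCALHOST_CERT)
        print(f"{target:>20} vs CN=localhost: {'ok ' if ok else 'FAIL'} ({why})")
    for target in ("ldap2.example.com", "a.b.example.com", "example.com"):
        ok, why = check(target, PROD_CERT)
        print(f"{target:>20} vs prod cert:   {'ok ' if ok else 'FAIL'} ({why})")
```

Connecting to anything other than the literal name `localhost` (an IP literal, the machine's FQDN, or a CN-only cert when the client resolves the name differently) yields exactly the message in the report, which is why the comment above points at the reporter's `localhost` configuration rather than at the test. The distinction the test depends on is the one between `ldapsearch -Z`, which issues StartTLS and carries on in the clear if it fails, and `-ZZ`, which treats the operation as critical and aborts; relaxing that turns a failed hostname check into a silent plaintext session.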