[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsearch do not work with NLDAP over SSL

OpenLDAP + OpenSSL requires the 'cn=' in the certificate to match exactly
with the hostname you specify in your ldap_initialize().
If it is a DNS name, it must match perfectly.  If it is an dotted IP
address, it must match perfectly.  Its a security feature.

By default 'stunnel' does not do the same check.


                          Petr Olivka                                                                                                  
                          <petr.olivka@vsb.cz>     To:   <openldap-bugs@OpenLDAP.org>                                                  
                          Sent by:                 bcc:                                                                                
                          owner-openldap-bugs@Ope  Subject:                                          ldapsearch do not work with NLDAP 
                          nLDAP.org                over SSL                                                                            
                          02/03/03 08:32 AM                                                                                            

Hi !

  I have problem with ldaputilities to connect NLDAP server over SSL.

  When function "tls_get_cert" call "ssl3_send_alert", then server close
  connection (all finished when client send last 29 bytes to server with
  function "write"). I do not know if allert is too serious, or any other
  problem, but over stunnel all work fine.

  ssl 0.9.6 and 0.9.7
  openldap 2.1.12

  Petr Olivka