Re: ldapsearch do not work with NLDAP over SSL
Yes, I see this in the source. And what is the idea in the configuration file for
"get server certificate" "never"? I thought that when I never get the
certificate from the server, I will not check the server name.
I think that the server name check is a bug, or I probably misunderstand the
config file usage.
poli
>
> OpenLDAP + OpenSSL requires the 'cn=' in the certificate to match exactly
> with the hostname you specify in your ldap_initialize().
> If it is a DNS name, it must match perfectly. If it is a dotted IP
> address, it must match perfectly. It's a security feature.
>
> By default 'stunnel' does not do the same check.
>
> -Aaron
>
> Petr Olivka <petr.olivka@vsb.cz>
> Sent by: owner-openldap-bugs@OpenLDAP.org
> 02/03/03 08:32 AM
>
> To: <openldap-bugs@OpenLDAP.org>
> cc:
> bcc:
> Subject: ldapsearch do not work with NLDAP over SSL
>
> Hi !
>
> I have a problem with the LDAP utilities connecting to an NLDAP server over SSL.
>
> When the function "tls_get_cert" calls "ssl3_send_alert", the server closes
> the connection (all finished when the client sends the last 29 bytes to the server with
> the function "write"). I do not know if the alert is too serious, or if there is any other
> problem, but over stunnel all works fine.
>
> ssl 0.9.6 and 0.9.7
> openldap 2.1.12
>
> Petr Olivka