[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: (ITS#8846) Patch to introduce new LDAP option to ignore hostname checking while verifying certificates in TLS mode

To: openldap-its@OpenLDAP.org
Subject: RE: (ITS#8846) Patch to introduce new LDAP option to ignore hostname checking while verifying certificates in TLS mode
From: sudhir.singam@nokia.com
Date: Wed, 09 May 2018 05:53:28 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

SGksDQoNClRoYW5rcyBmb3IgeW91ciByZXNwb25zZS4NCg0KQmFzaWNhbGx5IG91ciB1c2UgY2Fz
ZSBjYW4gYmUgYmVsb3cgb3IgYW55IHNpbWlsYXIgb25lIHdoZXJlIHdlIHdhbnQgdG8gZGlzYWJs
ZSBob3N0bmFtZSBjaGVja2luZy4NCg0KYSkJV2Ugd2FudCB1c2UgdGhlIHNhbWUgY2VydHMgZnJv
bSBtdWx0aSBkb21haW5zDQpiKQlXZSB3YW50IHVzZSB0aGUgc2FtZSBjZXJ0cyBmb3IgYWxsIHN1
YiBkb21haW5zIHVuZGVyIGEgbWFpbiBkb21haW4uDQpjKQlETlMgc2VydmVyIGlzIG5vdCBzZXQg
dXAgICBJLmUuLCB0aGUgY2VydGlmaWNhdGUgY291bGQgYmUgaXNzdWVkIHdpdGggYSBuYW1lIGxp
a2Ug4oCcbmV0YWN0Lm9wZXJhdG9y4oCdLCBidXQgd2XigJlkIGJlIHVzaW5nIDEwLjIuMy43LCBh
bmQgRE5TIGhhcyBub3QgYmVlbiBzZXR1cCBpbiB0aGUgb3BlcmF0b3IgaW50ZXJuYWwgbmV0d29y
aw0KDQpCdXQgd2hhdCB3ZSBmZWVsIGlzIHRoYXQgdGhlcmUgc2hvdWxkIGJlIGFuIG9wdGlvbiB0
byBiZSBjaG9zZW4gYnkgdXNlciB0byBlaXRoZXIgaWdub3JlIG9yIGVuYWJsZSBob3N0bmFtZSBj
aGVja2luZy4gQWxyZWFkeSB3ZSBrbm93IHRoYXQgSFRUUCBjbGllbnRzLCBmb3IgZXhhbXBsZSwg
YnJvd3NlcnMgcHJvdmlkZSBzdWNoIG9wdGlvbiB0byB1c2VyIGFuZCBpdCdzIHVwIHRvIHRoZSB1
c2VyIHRoYXQgd2hldGhlciB0byBjb250aW51ZSBjb21tdW5pY2F0aW9uIHRvIHRoZSBzZXJ2ZXIg
b3Igbm90LCBpZiBob3N0bmFtZSBtaXNtYXRjaCBvY2N1cnMuDQoNClJGQyBodHRwOi8vd3d3Lmll
dGYub3JnL3JmYy9yZmMyODE4LnR4dCAoZm9yIEhUVFApIHNheXMgYmVsb3csIHdoaWNoIG1lYW5z
IGZvciBpbnRlcmFjdGl2ZSBvciBBVVRPTUFURUQgY2xpZW50cyBvcHRpb24gc2hvdWxkIGJlIHBy
b3ZpZGVkLg0KDQoiICAgSWYgdGhlIGhvc3RuYW1lIGRvZXMgbm90IG1hdGNoIHRoZSBpZGVudGl0
eSBpbiB0aGUgY2VydGlmaWNhdGUsIHVzZXINCiAgIG9yaWVudGVkIGNsaWVudHMgTVVTVCBlaXRo
ZXIgbm90aWZ5IHRoZSB1c2VyIChjbGllbnRzIE1BWSBnaXZlIHRoZQ0KICAgdXNlciB0aGUgb3Bw
b3J0dW5pdHkgdG8gY29udGludWUgd2l0aCB0aGUgY29ubmVjdGlvbiBpbiBhbnkgY2FzZSkgb3IN
CiAgIHRlcm1pbmF0ZSB0aGUgY29ubmVjdGlvbiB3aXRoIGEgYmFkIGNlcnRpZmljYXRlIGVycm9y
LiBBdXRvbWF0ZWQNCiAgIGNsaWVudHMgTVVTVCBsb2cgdGhlIGVycm9yIHRvIGFuIGFwcHJvcHJp
YXRlIGF1ZGl0IGxvZyAoaWYgYXZhaWxhYmxlKQ0KICAgYW5kIFNIT1VMRCB0ZXJtaW5hdGUgdGhl
IGNvbm5lY3Rpb24gKHdpdGggYSBiYWQgY2VydGlmaWNhdGUgZXJyb3IpLg0KICAgQXV0b21hdGVk
IGNsaWVudHMgTUFZIHByb3ZpZGUgYSBjb25maWd1cmF0aW9uIHNldHRpbmcgdGhhdCBkaXNhYmxl
cw0KICAgdGhpcyBjaGVjaywgYnV0IE1VU1QgcHJvdmlkZSBhIHNldHRpbmcgd2hpY2ggZW5hYmxl
cyBpdC4NCiINCg0KUkZDIGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9yZmM0NTEzIChMREFQ
KSBzYXlzIGJlbG93LCB0aGF0IEFVVE9NQVRFRCBjbGllbnQgc2hvdWxkIGxvZyBlcnJvciBidXQg
bm90IHByb3ZpZGUgYW55IGNvbmZpZ3VyYWJsZSBvcHRpb24uDQoNCuKAnA0KDQpJZiB0aGUgc2Vy
dmVyIGlkZW50aXR5IGNoZWNrIGZhaWxzLCB1c2VyLW9yaWVudGVkIGNsaWVudHMgU0hPVUxEDQog
ICBlaXRoZXIgbm90aWZ5IHRoZSB1c2VyIChjbGllbnRzIG1heSBnaXZlIHRoZSB1c2VyIHRoZSBv
cHBvcnR1bml0eSB0bw0KICAgY29udGludWUgd2l0aCB0aGUgTERBUCBzZXNzaW9uIGluIHRoaXMg
Y2FzZSkgb3IgY2xvc2UgdGhlIHRyYW5zcG9ydA0KICAgY29ubmVjdGlvbiBhbmQgaW5kaWNhdGUg
dGhhdCB0aGUgc2VydmVyJ3MgaWRlbnRpdHkgaXMgc3VzcGVjdC4NCiAgIEF1dG9tYXRlZCBjbGll
bnRzIFNIT1VMRCBjbG9zZSB0aGUgdHJhbnNwb3J0IGNvbm5lY3Rpb24gYW5kIHRoZW4NCiAgIHJl
dHVybiBvciBsb2cgYW4gZXJyb3IgaW5kaWNhdGluZyB0aGF0IHRoZSBzZXJ2ZXIncyBpZGVudGl0
eSBpcw0KICAgc3VzcGVjdCBvciBib3RoLg0K4oCcDQoNCk5vdCBzdXJlIGhvdyB0aGUgQVVUT01B
VEVEIGNsaWVudHMgZGlmZmVyIGZvciBIVFRQIG9yIExEQVAuDQoNClNvIEkgd291bGQgbGlrZSB0
byBrbm93IHdoeSB0aGlzIGlzIG5vdCBpbXBsZW1lbnRlZCBvciBjYW4ndCBiZSBpbXBsZW1lbnRl
ZCBmb3Igb3BlbkxEQVAuDQoNClJlZ2FyZHMsDQpTdWRoaXIgU2luZ2FtDQoNCkRFTElWRVJJTkcg
QkVTVC1JTi1DTEFTUyBQTEFURk9STSBpcyBvdXIgdmlzaW9uDQoNCi0tLS0tT3JpZ2luYWwgTWVz
c2FnZS0tLS0tDQpGcm9tOiBIb3dhcmQgQ2h1IFttYWlsdG86aHljQHN5bWFzLmNvbV0gDQpTZW50
OiBTdW5kYXksIE1heSAwNiwgMjAxOCAxMTo0NSBQTQ0KVG86IFNpbmdhbSwgU3VkaGlyIChOb2tp
YSAtIElOL0JhbmdhbG9yZSkgPHN1ZGhpci5zaW5nYW1Abm9raWEuY29tPjsgb3BlbmxkYXAtaXRz
QE9wZW5MREFQLm9yZw0KU3ViamVjdDogUmU6IChJVFMjODg0NikgUGF0Y2ggdG8gaW50cm9kdWNl
IG5ldyBMREFQIG9wdGlvbiB0byBpZ25vcmUgaG9zdG5hbWUgY2hlY2tpbmcgd2hpbGUgdmVyaWZ5
aW5nIGNlcnRpZmljYXRlcyBpbiBUTFMgbW9kZQ0KDQpzdWRoaXIuc2luZ2FtQG5va2lhLmNvbSB3
cm90ZToNCj4gRnVsbF9OYW1lOiBTaW5nYW0gU3VkaGlyIFJlZGR5DQo+IFZlcnNpb246IG1hc3Rl
ciBicmFuY2gNCj4gT1M6IGZlZG9yYQ0KPiBVUkw6IGZ0cDovL2Z0cC5vcGVubGRhcC5vcmcvaW5j
b21pbmcvc3VkaGlyc2luZ2FtLTE4MDUwNi5wYXRjaA0KPiBTdWJtaXNzaW9uIGZyb206IChOVUxM
KSAoNjEuMS4yMzIuMTU0KQ0KPiANCj4gDQo+IFRoZSBhdHRhY2hlZCBmaWxlIGlzIGRlcml2ZWQg
ZnJvbSBPcGVuTERBUCBTb2Z0d2FyZS4gQWxsIG9mIHRoZSBtb2RpZmljYXRpb25zIHRvDQo+IE9w
ZW5MREFQIFNvZnR3YXJlIHJlcHJlc2VudGVkIGluIHRoZSBmb2xsb3dpbmcgcGF0Y2goZXMpIHdl
cmUgZGV2ZWxvcGVkIGJ5DQo+IE5PS0lBLiBOT0tJQSBoYXMgbm90IGFzc2lnbmVkIHJpZ2h0cyBh
bmQvb3IgaW50ZXJlc3QgaW4gdGhpcyB3b3JrIHRvIGFueSBwYXJ0eS4NCj4gSSwgU0lOR0FNIFNV
REhJUiBSRUREWSBhdXRob3JpemVkIGJ5IE5PS0lBLCBteSBlbXBsb3llciwgdG8gcmVsZWFzZSB0
aGlzIHdvcmsNCj4gdW5kZXIgdGhlIGZvbGxvd2luZyB0ZXJtcy4NCj4gDQo+IE5PS0lBIGhlcmVi
eSBwbGFjZSB0aGUgZm9sbG93aW5nIG1vZGlmaWNhdGlvbnMgdG8gT3BlbkxEQVAgU29mdHdhcmUg
KGFuZCBvbmx5DQo+IHRoZXNlIG1vZGlmaWNhdGlvbnMpIGludG8gdGhlIHB1YmxpYyBkb21haW4u
IEhlbmNlLCB0aGVzZSBtb2RpZmljYXRpb25zIG1heSBiZQ0KPiBmcmVlbHkgdXNlZCBhbmQvb3Ig
cmVkaXN0cmlidXRlZCBmb3IgYW55IHB1cnBvc2Ugd2l0aCBvciB3aXRob3V0IGF0dHJpYnV0aW9u
DQo+IGFuZC9vciBvdGhlciBub3RpY2UuDQo+IA0KPiAqKioqDQo+IERlc2NyaXB0aW9uOg0KPiAN
Cj4gVGhpcyBpcyBtaW5vciBlbmhhbmNlbWVudCB0byBpbnRyb2R1Y2UgYSBuZXcgTERBUCBvcHRp
b24NCj4gIkxEQVBfT1BUX1hfVExTX0RFTUFORF9FWENMX0hPU1ROQU1FX0NIRUNLIiB0byBpZ25v
cmUgaG9zdG5hbWUgY2hlY2tpbmcgYnkNCj4gY2xpZW50IGluIFRMUyBjb21tdW5pY2F0aW9uIG1v
ZGUuIFRoaXMgaXMgdmVyeSBzaW1pbGFyIHRvDQo+ICJMREFQX09QVF9YX1RMU19ERU1BTkQiIExE
QVAgb3B0aW9uIGV4Y2VwdCB0aGF0IEhPU1ROQU1FIGNoZWNraW5nIGlzIGlnbm9yZWQuDQo+IA0K
PiBUaGlzIG9wdGlvbiBjYW4gYmUgc2V0IGJ5IGNsaWVudCBlaXRoZXIgYnkgdXNpbmcgTERBUCBB
UEkgImxkYXBfc2V0X29wdGlvbiIgb3INCj4gY2FuIGJlIGdsb2JhbGx5IHNldCBpbiB0aGUgY29u
ZmlndXJhdGlvbiBmaWxlIC9ldGMvb3BlbmxkYXAvbGRhcC5jb25mIGxpa2UNCj4gYmVsb3cuDQo+
IA0KPiBUTFNfUkVRQ0VSVCBkZW1hbmRfZXhjbF9ob3N0bmFtZV9jaGVjaw0KPiANCj4gUHVycG9z
ZToNCj4gDQo+IEdlbmVyYWxseSBvcGVyYXRvcnMgdXNlIHNhbWUgc2V0IG9mIGNlcnRpZmljYXRl
cyBmb3IgZGlmZmVyZW50IHNlcnZpY2VzIChmcm9tDQo+IGRpZmZlcmVudCBob3N0cykgd2hpY2gg
c3VwcG9ydCBUTFMgY29tbXVuaWNhdGlvbi4gV2hlbiBzdWNoIGNlcnRpZmljYXRlcyBhcmUNCj4g
dXNlZCwgdGhpcyBvcHRpb24gZ2l2ZXMgZmFjaWxpdHkgZm9yIG9wZW5sZGFwIGJhc2VkIHNlcnZp
Y2VzIHRvIGlnbm9yZSBob3N0bmFtZQ0KPiBjaGVja2luZyBhdCBjbGllbnQgc2lkZS4NCg0KTm8u
IElmIHlvdSdyZSB1c2luZyBhIHNpbmdsZSBzZXQgb2YgY2VydGlmaWNhdGVzIGZvciBtdWx0aXBs
ZSBob3N0cyB5b3Ugc2hvdWxkIA0KYmUgdXNpbmcgYSB3aWxkY2FyZCBjZXJ0LiBDbG9zaW5nIHRo
aXMgSVRTLg0KDQotLSANCiAgIC0tIEhvd2FyZCBDaHUNCiAgIENUTywgU3ltYXMgQ29ycC4gICAg
ICAgICAgIGh0dHA6Ly93d3cuc3ltYXMuY29tDQogICBEaXJlY3RvciwgSGlnaGxhbmQgU3VuICAg
ICBodHRwOi8vaGlnaGxhbmRzdW4uY29tL2h5Yy8NCiAgIENoaWVmIEFyY2hpdGVjdCwgT3BlbkxE
QVAgIGh0dHA6Ly93d3cub3BlbmxkYXAub3JnL3Byb2plY3QvDQo=

Prev by Date: Re: (ITS#8845) Cannot preserve existing controls with new extended operations
Next by Date: RE: (ITS#8846) Patch to introduce new LDAP option to ignore hostname checking while verifying certificates in TLS mode
Index(es):
- Chronological
- Thread