[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS hostname check relaxed?

Michael Ströder wrote:

I vaguely remember that there were code changes to the hostname cert
checking when connecting via StartTLS ext.op. or LDAPS. But I'd prefer
if the default behaviour would be strict like it was.

You'll have to be more specific. What are you seeing that it doesn't do any more?

I'm testing with RE24 libs.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/